« back to all changes in this revision
Viewing changes to serverguide/po/serverguide.pot
- browse files at revision 416
- compare with another revision
- download diff
- download tarball
- view history from revision 416
- Committer: Matthew East
- Date: 2010-01-09 14:40:31 UTC
- Revision ID: mdke@ubuntu.com-20100109144031-03n7x4ryvcz84it6
Refresh pot files, new changelog entry for version 10.04.1
- files modified:
- about-ubuntu/po/about-ubuntu.pot
added
removed
serverguide/po/serverguide.pot
1
#, fuzzy
2
1
msgid ""
3
2
msgstr ""
4
3
"Project-Id-Version: PACKAGE VERSION\n"
5
"Report-Msgid-Bugs-To: \n"
6
"POT-Creation-Date: 2009-10-04 21:24+0100\n"
4
"POT-Creation-Date: 2010-01-09 14:40+0000\n"
7
5
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
8
6
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
9
7
"Language-Team: LANGUAGE <LL@li.org>\n"
10
8
"MIME-Version: 1.0\n"
11
9
"Content-Type: text/plain; charset=UTF-8\n"
12
10
"Content-Transfer-Encoding: 8bit\n"
13
"X-Launchpad-Export-Date: 2009-10-16 07:28+0000\n"
14
"X-Generator: Launchpad (build Unknown)\n"
15
11
16
12
#: serverguide/C/serverguide-C.omf:6(creator) serverguide/C/serverguide-C.omf:7(maintainer)
17
13
msgid "ubuntu-doc@lists.ubuntu.com (Ubuntu Documentation Project)"
30
26
msgstr ""
31
27
32
28
#: serverguide/C/windows-networking.xml:15(para)
33
msgid ""
34
"Computer networks are often comprised of diverse systems, and while "
35
"operating a network made up entirely of Ubuntu desktop and server computers "
36
"would certainly be fun, some network environments must consist of both "
37
"Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark "
38
"class=\"registered\">Windows</trademark> systems working together in "
39
"harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces "
40
"principles and tools used in configuring your Ubuntu Server for sharing "
41
"network resources with Windows computers."
29
msgid "Computer networks are often comprised of diverse systems, and while operating a network made up entirely of Ubuntu desktop and server computers would certainly be fun, some network environments must consist of both Ubuntu and <trademark class=\"registered\">Microsoft</trademark><trademark class=\"registered\">Windows</trademark> systems working together in harmony. This section of the <phrase>Ubuntu</phrase> Server Guide introduces principles and tools used in configuring your Ubuntu Server for sharing network resources with Windows computers."
42
30
msgstr ""
43
31
44
32
#: serverguide/C/windows-networking.xml:25(title) serverguide/C/virtualization.xml:397(title) serverguide/C/security.xml:412(title) serverguide/C/remote-administration.xml:22(title) serverguide/C/package-management.xml:20(title) serverguide/C/introduction.xml:13(title)
46
34
msgstr ""
47
35
48
36
#: serverguide/C/windows-networking.xml:27(para)
49
msgid ""
50
"Successfully networking your Ubuntu system with Windows clients involves "
51
"providing and integrating with services common to Windows environments. Such "
52
"services assist the sharing of data and information about the computers and "
53
"users involved in the network, and may be classified under three major "
54
"categories of functionality:"
37
msgid "Successfully networking your Ubuntu system with Windows clients involves providing and integrating with services common to Windows environments. Such services assist the sharing of data and information about the computers and users involved in the network, and may be classified under three major categories of functionality:"
55
38
msgstr ""
56
39
57
40
#: serverguide/C/windows-networking.xml:35(para)
58
msgid ""
59
"<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using "
60
"the Server Message Block (SMB) protocol to facilitate the sharing of files, "
61
"folders, volumes, and the sharing of printers throughout the network."
41
msgid "<emphasis role=\"bold\">File and Printer Sharing Services</emphasis>. Using the Server Message Block (SMB) protocol to facilitate the sharing of files, folders, volumes, and the sharing of printers throughout the network."
62
42
msgstr ""
63
43
64
44
#: serverguide/C/windows-networking.xml:41(para)
65
msgid ""
66
"<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital "
67
"information about the computers and users of the network with such "
68
"technologies as the Lightweight Directory Access Protocol (LDAP) and "
69
"Microsoft <trademark class=\"registered\">Active Directory</trademark>."
45
msgid "<emphasis role=\"bold\">Directory Services</emphasis>. Sharing vital information about the computers and users of the network with such technologies as the Lightweight Directory Access Protocol (LDAP) and Microsoft <trademark class=\"registered\">Active Directory</trademark>."
70
46
msgstr ""
71
47
72
48
#: serverguide/C/windows-networking.xml:48(para)
73
msgid ""
74
"<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing "
75
"the identity of a computer or user of the network and determining the "
76
"information the computer or user is authorized to access using such "
77
"principles and technologies as file permissions, group policies, and the "
78
"Kerberos authentication service."
49
msgid "<emphasis role=\"bold\">Authentication and Access</emphasis>. Establishing the identity of a computer or user of the network and determining the information the computer or user is authorized to access using such principles and technologies as file permissions, group policies, and the Kerberos authentication service."
79
50
msgstr ""
80
51
81
52
#: serverguide/C/windows-networking.xml:56(para)
82
msgid ""
83
"Fortunately, your Ubuntu system may provide all such facilities to Windows "
84
"clients and share network resources among them. One of the principal pieces "
85
"of software your Ubuntu system includes for Windows networking is the Samba "
86
"suite of SMB server applications and tools."
53
msgid "Fortunately, your Ubuntu system may provide all such facilities to Windows clients and share network resources among them. One of the principal pieces of software your Ubuntu system includes for Windows networking is the Samba suite of SMB server applications and tools."
87
54
msgstr ""
88
55
89
56
#: serverguide/C/windows-networking.xml:62(para)
90
msgid ""
91
"This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some "
92
"of the common Samba use cases, and how to install and configure the "
93
"necessary packages. Additional detailed documentation and information on "
94
"Samba can be found on the <ulink url=\"http://www.samba.org\">Samba "
95
"website</ulink>."
57
msgid "This section of the <phrase>Ubuntu</phrase> Server Guide will introduce some of the common Samba use cases, and how to install and configure the necessary packages. Additional detailed documentation and information on Samba can be found on the <ulink url=\"http://www.samba.org\">Samba website</ulink>."
96
58
msgstr ""
97
59
98
60
#: serverguide/C/windows-networking.xml:70(title)
100
62
msgstr ""
101
63
102
64
#: serverguide/C/windows-networking.xml:72(para)
103
msgid ""
104
"One of the most common ways to network Ubuntu and Windows computers is to "
105
"configure Samba as a File Server. This section covers setting up a "
106
"<application>Samba</application> server to share files with Windows clients."
65
msgid "One of the most common ways to network Ubuntu and Windows computers is to configure Samba as a File Server. This section covers setting up a <application>Samba</application> server to share files with Windows clients."
107
66
msgstr ""
108
67
109
68
#: serverguide/C/windows-networking.xml:77(para)
110
msgid ""
111
"The server will be configured to share files with any client on the network "
112
"without prompting for a password. If your environment requires stricter "
113
"Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
69
msgid "The server will be configured to share files with any client on the network without prompting for a password. If your environment requires stricter Access Controls see <xref linkend=\"samba-fileprint-security\"/>"
114
70
msgstr ""
115
71
116
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:282(title) serverguide/C/windows-networking.xml:1279(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:669(title) serverguide/C/web-servers.xml:804(title) serverguide/C/web-servers.xml:925(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/virtualization.xml:1341(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:402(title) serverguide/C/remote-administration.xml:52(title) serverguide/C/remote-administration.xml:220(title) serverguide/C/network-config.xml:603(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1244(title) serverguide/C/network-auth.xml:1749(title) serverguide/C/network-auth.xml:2140(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:423(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:478(title) serverguide/C/mail.xml:651(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1284(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:282(title) serverguide/C/lamp-applications.xml:398(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:908(title) serverguide/C/file-server.xml:342(title) serverguide/C/file-server.xml:454(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:159(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:136(title) serverguide/C/backups.xml:593(title)
72
#: serverguide/C/windows-networking.xml:83(title) serverguide/C/windows-networking.xml:282(title) serverguide/C/windows-networking.xml:1279(title) serverguide/C/web-servers.xml:41(title) serverguide/C/web-servers.xml:669(title) serverguide/C/web-servers.xml:804(title) serverguide/C/web-servers.xml:925(title) serverguide/C/vpn.xml:33(title) serverguide/C/virtualization.xml:62(title) serverguide/C/virtualization.xml:1341(title) serverguide/C/vcs.xml:28(title) serverguide/C/vcs.xml:86(title) serverguide/C/vcs.xml:402(title) serverguide/C/remote-administration.xml:52(title) serverguide/C/remote-administration.xml:220(title) serverguide/C/network-config.xml:604(title) serverguide/C/network-auth.xml:52(title) serverguide/C/network-auth.xml:1374(title) serverguide/C/network-auth.xml:1879(title) serverguide/C/network-auth.xml:2270(title) serverguide/C/monitoring.xml:42(title) serverguide/C/monitoring.xml:423(title) serverguide/C/mail.xml:40(title) serverguide/C/mail.xml:478(title) serverguide/C/mail.xml:651(title) serverguide/C/mail.xml:795(title) serverguide/C/mail.xml:1284(title) serverguide/C/lamp-applications.xml:108(title) serverguide/C/lamp-applications.xml:282(title) serverguide/C/lamp-applications.xml:398(title) serverguide/C/installation.xml:13(title) serverguide/C/installation.xml:910(title) serverguide/C/file-server.xml:342(title) serverguide/C/file-server.xml:454(title) serverguide/C/dns.xml:23(title) serverguide/C/databases.xml:40(title) serverguide/C/databases.xml:159(title) serverguide/C/chat.xml:37(title) serverguide/C/chat.xml:136(title) serverguide/C/backups.xml:593(title)
117
73
msgid "Installation"
118
74
msgstr ""
119
75
120
76
#: serverguide/C/windows-networking.xml:85(para)
121
msgid ""
122
"The first step is to install the <application>samba</application> package. "
123
"From a terminal prompt enter:"
77
msgid "The first step is to install the <application>samba</application> package. From a terminal prompt enter:"
124
78
msgstr ""
125
79
126
80
#: serverguide/C/windows-networking.xml:90(command) serverguide/C/windows-networking.xml:294(command)
128
82
msgstr ""
129
83
130
84
#: serverguide/C/windows-networking.xml:93(para)
131
msgid ""
132
"That's all there is to it; you are now ready to configure Samba to share "
133
"files."
85
msgid "That's all there is to it; you are now ready to configure Samba to share files."
134
86
msgstr ""
135
87
136
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:299(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:720(title) serverguide/C/web-servers.xml:815(title) serverguide/C/web-servers.xml:952(title) serverguide/C/web-servers.xml:1046(title) serverguide/C/vpn.xml:137(title) serverguide/C/virtualization.xml:1226(title) serverguide/C/virtualization.xml:1415(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:420(title) serverguide/C/remote-administration.xml:74(title) serverguide/C/remote-administration.xml:245(title) serverguide/C/package-management.xml:365(title) serverguide/C/network-config.xml:625(title) serverguide/C/network-auth.xml:88(title) serverguide/C/network-auth.xml:1788(title) serverguide/C/network-auth.xml:2161(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:449(title) serverguide/C/mail.xml:487(title) serverguide/C/mail.xml:661(title) serverguide/C/mail.xml:880(title) serverguide/C/mail.xml:1309(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:309(title) serverguide/C/lamp-applications.xml:428(title) serverguide/C/file-server.xml:355(title) serverguide/C/file-server.xml:480(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:178(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:148(title) serverguide/C/backups.xml:616(title)
88
#: serverguide/C/windows-networking.xml:99(title) serverguide/C/windows-networking.xml:299(title) serverguide/C/web-servers.xml:61(title) serverguide/C/web-servers.xml:720(title) serverguide/C/web-servers.xml:815(title) serverguide/C/web-servers.xml:952(title) serverguide/C/web-servers.xml:1046(title) serverguide/C/vpn.xml:137(title) serverguide/C/virtualization.xml:1226(title) serverguide/C/virtualization.xml:1415(title) serverguide/C/vcs.xml:39(title) serverguide/C/vcs.xml:420(title) serverguide/C/remote-administration.xml:74(title) serverguide/C/remote-administration.xml:245(title) serverguide/C/package-management.xml:365(title) serverguide/C/network-config.xml:626(title) serverguide/C/network-auth.xml:1918(title) serverguide/C/network-auth.xml:2291(title) serverguide/C/monitoring.xml:187(title) serverguide/C/monitoring.xml:449(title) serverguide/C/mail.xml:487(title) serverguide/C/mail.xml:661(title) serverguide/C/mail.xml:880(title) serverguide/C/mail.xml:1309(title) serverguide/C/lamp-applications.xml:128(title) serverguide/C/lamp-applications.xml:309(title) serverguide/C/lamp-applications.xml:428(title) serverguide/C/file-server.xml:355(title) serverguide/C/file-server.xml:480(title) serverguide/C/dns.xml:39(title) serverguide/C/databases.xml:84(title) serverguide/C/databases.xml:178(title) serverguide/C/clustering.xml:47(title) serverguide/C/chat.xml:57(title) serverguide/C/chat.xml:148(title) serverguide/C/backups.xml:616(title)
137
89
msgid "Configuration"
138
90
msgstr ""
139
91
140
92
#: serverguide/C/windows-networking.xml:101(para)
141
msgid ""
142
"The main Samba configuration file is located in "
143
"<filename>/etc/samba/smb.conf</filename>. The default configuration file has "
144
"a significant amount of comments in order to document various configuration "
145
"directives."
93
msgid "The main Samba configuration file is located in <filename>/etc/samba/smb.conf</filename>. The default configuration file has a significant amount of comments in order to document various configuration directives."
146
94
msgstr ""
147
95
148
96
#: serverguide/C/windows-networking.xml:106(para)
149
msgid ""
150
"Not all the available options are included in the default configuration "
151
"file. See the <filename>smb.conf</filename><application>man</application> "
152
"page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
153
"Collection/\">Samba HOWTO Collection</ulink> for more details."
97
msgid "Not all the available options are included in the default configuration file. See the <filename>smb.conf</filename><application>man</application> page or the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO Collection</ulink> for more details."
154
98
msgstr ""
155
99
156
100
#: serverguide/C/windows-networking.xml:116(para)
157
msgid ""
158
"First, edit the following key/value pairs in the "
159
"<emphasis>[global]</emphasis> section of "
160
"<filename>/etc/samba/smb.conf</filename>:"
101
msgid "First, edit the following key/value pairs in the <emphasis>[global]</emphasis> section of <filename>/etc/samba/smb.conf</filename>:"
161
102
msgstr ""
162
103
163
104
#: serverguide/C/windows-networking.xml:121(programlisting) serverguide/C/windows-networking.xml:306(programlisting) serverguide/C/windows-networking.xml:761(programlisting) serverguide/C/windows-networking.xml:975(programlisting)
164
105
#, no-wrap
165
msgid ""
166
"\n"
167
" workgroup = EXAMPLE\n"
168
" ...\n"
169
" security = user\n"
106
msgid "\n workgroup = EXAMPLE\n ...\n security = user\n"
170
107
msgstr ""
171
108
172
109
#: serverguide/C/windows-networking.xml:127(para)
173
msgid ""
174
"The <emphasis>security</emphasis> parameter is farther down in the [global] "
175
"section, and is commented by default. Also, change "
176
"<emphasis>EXAMPLE</emphasis> to better match your environment."
110
msgid "The <emphasis>security</emphasis> parameter is farther down in the [global] section, and is commented by default. Also, change <emphasis>EXAMPLE</emphasis> to better match your environment."
177
111
msgstr ""
178
112
179
113
#: serverguide/C/windows-networking.xml:135(para)
180
msgid ""
181
"Create a new section at the bottom of the file, or uncomment one of the "
182
"examples, for the directory to be shared:"
114
msgid "Create a new section at the bottom of the file, or uncomment one of the examples, for the directory to be shared:"
183
115
msgstr ""
184
116
185
117
#: serverguide/C/windows-networking.xml:139(programlisting)
186
118
#, no-wrap
187
msgid ""
188
"\n"
189
"[share]\n"
190
" comment = Ubuntu File Server Share\n"
191
" path = /srv/samba/share\n"
192
" browsable = yes\n"
193
" guest ok = yes\n"
194
" read only = no\n"
195
" create mask = 0755\n"
119
msgid "\n[share]\n comment = Ubuntu File Server Share\n path = /srv/samba/share\n browsable = yes\n guest ok = yes\n read only = no\n create mask = 0755\n"
196
120
msgstr ""
197
121
198
122
#: serverguide/C/windows-networking.xml:151(para)
199
msgid ""
200
"<emphasis>comment:</emphasis> a short description of the share. Adjust to "
201
"fit your needs."
123
msgid "<emphasis>comment:</emphasis> a short description of the share. Adjust to fit your needs."
202
124
msgstr ""
203
125
204
126
#: serverguide/C/windows-networking.xml:156(para)
206
128
msgstr ""
207
129
208
130
#: serverguide/C/windows-networking.xml:159(para)
209
msgid ""
210
"This example uses <filename>/srv/samba/sharename</filename> because, "
211
"according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, "
212
"<ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
213
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-"
214
"specific data should be served. Technically Samba shares can be placed "
215
"anywhere on the filesystem as long as the permissions are correct, but "
216
"adhering to standards is recommended."
131
msgid "This example uses <filename>/srv/samba/sharename</filename> because, according to the <emphasis>Filesystem Hierarchy Standard (FHS)</emphasis>, <ulink url=\"http://www.pathname.com/fhs/pub/fhs-2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is where site-specific data should be served. Technically Samba shares can be placed anywhere on the filesystem as long as the permissions are correct, but adhering to standards is recommended."
217
132
msgstr ""
218
133
219
134
#: serverguide/C/windows-networking.xml:168(para)
220
msgid ""
221
"<emphasis>browsable:</emphasis> enables Windows clients to browse the shared "
222
"directory using <application>Windows Explorer</application>."
135
msgid "<emphasis>browsable:</emphasis> enables Windows clients to browse the shared directory using <application>Windows Explorer</application>."
223
136
msgstr ""
224
137
225
138
#: serverguide/C/windows-networking.xml:174(para)
226
msgid ""
227
"<emphasis>guest ok:</emphasis> allows clients to connect to the share "
228
"without supplying a password."
139
msgid "<emphasis>guest ok:</emphasis> allows clients to connect to the share without supplying a password."
229
140
msgstr ""
230
141
231
142
#: serverguide/C/windows-networking.xml:179(para)
232
msgid ""
233
"<emphasis>read only:</emphasis> determines if the share is read only or if "
234
"write privileges are granted. Write privileges are allowed only when the "
235
"value is <emphasis>no</emphasis>, as is seen in this example. If the value "
236
"is <emphasis>yes</emphasis>, then access to the share is read only."
143
msgid "<emphasis>read only:</emphasis> determines if the share is read only or if write privileges are granted. Write privileges are allowed only when the value is <emphasis>no</emphasis>, as is seen in this example. If the value is <emphasis>yes</emphasis>, then access to the share is read only."
237
144
msgstr ""
238
145
239
146
#: serverguide/C/windows-networking.xml:184(para)
240
msgid ""
241
"<emphasis>create mask:</emphasis> determines the permissions new files will "
242
"have when created."
147
msgid "<emphasis>create mask:</emphasis> determines the permissions new files will have when created."
243
148
msgstr ""
244
149
245
150
#: serverguide/C/windows-networking.xml:193(para)
246
msgid ""
247
"Now that <application>Samba</application> is configured, the directory needs "
248
"to be created and the permissions changed. From a terminal enter:"
151
msgid "Now that <application>Samba</application> is configured, the directory needs to be created and the permissions changed. From a terminal enter:"
249
152
msgstr ""
250
153
251
154
#: serverguide/C/windows-networking.xml:199(command)
257
160
msgstr ""
258
161
259
162
#: serverguide/C/windows-networking.xml:204(para)
260
msgid ""
261
"The <emphasis>-p</emphasis> switch tells mkdir to create the entire "
262
"directory tree if it doesn't exist. Change the share name to fit your "
263
"environment."
163
msgid "The <emphasis>-p</emphasis> switch tells mkdir to create the entire directory tree if it doesn't exist. Change the share name to fit your environment."
264
164
msgstr ""
265
165
266
166
#: serverguide/C/windows-networking.xml:213(para)
267
msgid ""
268
"Finally, restart the <application>samba</application> services to enable the "
269
"new configuration:"
167
msgid "Finally, restart the <application>samba</application> services to enable the new configuration:"
270
168
msgstr ""
271
169
272
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:326(command) serverguide/C/windows-networking.xml:458(command) serverguide/C/windows-networking.xml:557(command) serverguide/C/windows-networking.xml:922(command) serverguide/C/windows-networking.xml:1032(command) serverguide/C/windows-networking.xml:1142(command) serverguide/C/network-auth.xml:1523(command)
170
#: serverguide/C/windows-networking.xml:218(command) serverguide/C/windows-networking.xml:326(command) serverguide/C/windows-networking.xml:458(command) serverguide/C/windows-networking.xml:557(command) serverguide/C/windows-networking.xml:922(command) serverguide/C/windows-networking.xml:1032(command) serverguide/C/windows-networking.xml:1142(command) serverguide/C/network-auth.xml:1653(command)
273
171
msgid "sudo /etc/init.d/samba restart"
274
172
msgstr ""
275
173
276
174
#: serverguide/C/windows-networking.xml:225(para)
277
msgid ""
278
"Once again, the above configuration gives all access to any client on the "
279
"local network. For a more secure configuration see <xref linkend=\"samba-"
280
"fileprint-security\"/>."
175
msgid "Once again, the above configuration gives all access to any client on the local network. For a more secure configuration see <xref linkend=\"samba-fileprint-security\"/>."
281
176
msgstr ""
282
177
283
178
#: serverguide/C/windows-networking.xml:231(para)
284
msgid ""
285
"From a Windows client you should now be able to browse to the Ubuntu file "
286
"server and see the shared directory. To check that everything is working try "
287
"creating a directory from Windows."
179
msgid "From a Windows client you should now be able to browse to the Ubuntu file server and see the shared directory. To check that everything is working try creating a directory from Windows."
288
180
msgstr ""
289
181
290
182
#: serverguide/C/windows-networking.xml:236(para)
291
msgid ""
292
"To create additional shares simply create new <emphasis>[dir]</emphasis> "
293
"sections in <filename>/etc/samba/smb.conf</filename>, and restart "
294
"<emphasis>Samba</emphasis>. Just make sure that the directory you want to "
295
"share actually exists and the permissions are correct."
183
msgid "To create additional shares simply create new <emphasis>[dir]</emphasis> sections in <filename>/etc/samba/smb.conf</filename>, and restart <emphasis>Samba</emphasis>. Just make sure that the directory you want to share actually exists and the permissions are correct."
296
184
msgstr ""
297
185
298
#: serverguide/C/windows-networking.xml:243(title) serverguide/C/windows-networking.xml:336(title) serverguide/C/windows-networking.xml:686(title) serverguide/C/windows-networking.xml:1051(title) serverguide/C/windows-networking.xml:1253(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1163(title) serverguide/C/remote-administration.xml:478(title) serverguide/C/network-config.xml:247(title) serverguide/C/network-config.xml:490(title) serverguide/C/network-auth.xml:1199(title) serverguide/C/network-auth.xml:1638(title) serverguide/C/network-auth.xml:2236(title) serverguide/C/network-auth.xml:2739(title) serverguide/C/installation.xml:848(title) serverguide/C/installation.xml:1124(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:268(title) serverguide/C/backups.xml:855(title)
186
#: serverguide/C/windows-networking.xml:243(title) serverguide/C/windows-networking.xml:336(title) serverguide/C/windows-networking.xml:686(title) serverguide/C/windows-networking.xml:1051(title) serverguide/C/windows-networking.xml:1253(title) serverguide/C/virtualization.xml:366(title) serverguide/C/virtualization.xml:1163(title) serverguide/C/remote-administration.xml:478(title) serverguide/C/network-config.xml:248(title) serverguide/C/network-config.xml:491(title) serverguide/C/network-auth.xml:1329(title) serverguide/C/network-auth.xml:1768(title) serverguide/C/network-auth.xml:2366(title) serverguide/C/network-auth.xml:2869(title) serverguide/C/installation.xml:850(title) serverguide/C/installation.xml:1126(title) serverguide/C/databases.xml:122(title) serverguide/C/databases.xml:268(title) serverguide/C/backups.xml:855(title)
299
187
msgid "Resources"
300
188
msgstr ""
301
189
302
190
#: serverguide/C/windows-networking.xml:247(para) serverguide/C/windows-networking.xml:340(para) serverguide/C/windows-networking.xml:690(para) serverguide/C/windows-networking.xml:1055(para)
303
msgid ""
304
"For in depth Samba configurations see the <ulink "
305
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
306
"Collection</ulink>"
191
msgid "For in depth Samba configurations see the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO Collection</ulink>"
307
192
msgstr ""
308
193
309
194
#: serverguide/C/windows-networking.xml:253(para) serverguide/C/windows-networking.xml:346(para) serverguide/C/windows-networking.xml:696(para) serverguide/C/windows-networking.xml:1061(para)
310
msgid ""
311
"The guide is also available in <ulink "
312
"url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed "
313
"format</ulink>."
195
msgid "The guide is also available in <ulink url=\"http://www.amazon.com/exec/obidos/tg/detail/-/0131882228\">printed format</ulink>."
314
196
msgstr ""
315
197
316
198
#: serverguide/C/windows-networking.xml:259(para) serverguide/C/windows-networking.xml:352(para)
317
msgid ""
318
"O'Reilly's <ulink "
319
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
320
"another good reference."
199
msgid "O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is another good reference."
321
200
msgstr ""
322
201
323
202
#: serverguide/C/windows-networking.xml:269(title)
325
204
msgstr ""
326
205
327
206
#: serverguide/C/windows-networking.xml:271(para)
328
msgid ""
329
"Another common use of Samba is to configure it to share printers installed, "
330
"either locally or over the network, on an Ubuntu server. Similar to <xref "
331
"linkend=\"samba-fileserver\"/> this section will configure Samba to allow "
332
"any client on the local network to use the installed printers without "
333
"prompting for a username and password."
207
msgid "Another common use of Samba is to configure it to share printers installed, either locally or over the network, on an Ubuntu server. Similar to <xref linkend=\"samba-fileserver\"/> this section will configure Samba to allow any client on the local network to use the installed printers without prompting for a username and password."
334
208
msgstr ""
335
209
336
210
#: serverguide/C/windows-networking.xml:277(para)
337
msgid ""
338
"For a more secure configuration see <xref linkend=\"samba-fileprint-"
339
"security\"/>."
211
msgid "For a more secure configuration see <xref linkend=\"samba-fileprint-security\"/>."
340
212
msgstr ""
341
213
342
214
#: serverguide/C/windows-networking.xml:284(para)
343
msgid ""
344
"Before installing and configuring Samba it is best to already have a working "
345
"<application>CUPS</application> installation. See <xref linkend=\"cups\"/> "
346
"for details."
215
msgid "Before installing and configuring Samba it is best to already have a working <application>CUPS</application> installation. See <xref linkend=\"cups\"/> for details."
347
216
msgstr ""
348
217
349
218
#: serverguide/C/windows-networking.xml:289(para)
350
msgid ""
351
"To install the <application>samba</application> package, from a terminal "
352
"enter:"
219
msgid "To install the <application>samba</application> package, from a terminal enter:"
353
220
msgstr ""
354
221
355
222
#: serverguide/C/windows-networking.xml:300(para)
356
msgid ""
357
"After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change "
358
"the <emphasis>workgroup</emphasis> attribute to what is appropriate for your "
359
"network, and change <emphasis>security</emphasis> to <emphasis "
360
"role=\"italic\">share</emphasis>:"
223
msgid "After installing samba edit <filename>/etc/samba/smb.conf</filename>. Change the <emphasis>workgroup</emphasis> attribute to what is appropriate for your network, and change <emphasis>security</emphasis> to <emphasis role=\"italic\">share</emphasis>:"
361
224
msgstr ""
362
225
363
226
#: serverguide/C/windows-networking.xml:312(para)
364
msgid ""
365
"In the <emphasis>[printers]</emphasis> section change the <emphasis>guest "
366
"ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
227
msgid "In the <emphasis>[printers]</emphasis> section change the <emphasis>guest ok</emphasis> option to <emphasis role=\"italic\">yes</emphasis>:"
367
228
msgstr ""
368
229
369
230
#: serverguide/C/windows-networking.xml:316(programlisting)
370
231
#, no-wrap
371
msgid ""
372
"\n"
373
" browsable = yes\n"
374
" guest ok = yes\n"
232
msgid "\n browsable = yes\n guest ok = yes\n"
375
233
msgstr ""
376
234
377
235
#: serverguide/C/windows-networking.xml:321(para)
379
237
msgstr ""
380
238
381
239
#: serverguide/C/windows-networking.xml:329(para)
382
msgid ""
383
"The default Samba configuration will automatically share any printers "
384
"installed. Simply install the printer locally on your Windows clients."
240
msgid "The default Samba configuration will automatically share any printers installed. Simply install the printer locally on your Windows clients."
385
241
msgstr ""
386
242
387
243
#: serverguide/C/windows-networking.xml:358(para)
388
msgid ""
389
"Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for "
390
"more information on configuring CUPS."
244
msgid "Also, see the <ulink url=\"http://www.cups.org/\">CUPS Website</ulink> for more information on configuring CUPS."
391
245
msgstr ""
392
246
393
247
#: serverguide/C/windows-networking.xml:367(title)
399
253
msgstr ""
400
254
401
255
#: serverguide/C/windows-networking.xml:372(para)
402
msgid ""
403
"There are two security levels available to the Common Internet Filesystem "
404
"(CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-"
405
"level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation "
406
"allows more flexibility, providing four ways of implementing user-level "
407
"security and one way to implement share-level:"
256
msgid "There are two security levels available to the Common Internet Filesystem (CIFS) network protocol <emphasis>user-level</emphasis> and <emphasis>share-level</emphasis>. Samba's <emphasis>security mode</emphasis> implementation allows more flexibility, providing four ways of implementing user-level security and one way to implement share-level:"
408
257
msgstr ""
409
258
410
259
#: serverguide/C/windows-networking.xml:381(para)
411
msgid ""
412
"<emphasis>security = user:</emphasis> requires clients to supply a username "
413
"and password to connect to shares. Samba user accounts are separate from "
414
"system accounts, but the <application>libpam-smbpass</application> package "
415
"will sync system users and passwords with the Samba user database."
260
msgid "<emphasis>security = user:</emphasis> requires clients to supply a username and password to connect to shares. Samba user accounts are separate from system accounts, but the <application>libpam-smbpass</application> package will sync system users and passwords with the Samba user database."
416
261
msgstr ""
417
262
418
263
#: serverguide/C/windows-networking.xml:388(para)
419
msgid ""
420
"<emphasis>security = domain:</emphasis> this mode allows the Samba server to "
421
"appear to Windows clients as a Primary Domain Controller (PDC), Backup "
422
"Domain Controller (BDC), or a Domain Member Server (DMS). See <xref "
423
"linkend=\"samba-dc\"/> for further information."
264
msgid "<emphasis>security = domain:</emphasis> this mode allows the Samba server to appear to Windows clients as a Primary Domain Controller (PDC), Backup Domain Controller (BDC), or a Domain Member Server (DMS). See <xref linkend=\"samba-dc\"/> for further information."
424
265
msgstr ""
425
266
426
267
#: serverguide/C/windows-networking.xml:395(para)
427
msgid ""
428
"<emphasis>security = ADS:</emphasis> allows the Samba server to join an "
429
"Active Directory domain as a native member. See <xref linkend=\"samba-ad-"
430
"integration\"/> for details."
268
msgid "<emphasis>security = ADS:</emphasis> allows the Samba server to join an Active Directory domain as a native member. See <xref linkend=\"samba-ad-integration\"/> for details."
431
269
msgstr ""
432
270
433
271
#: serverguide/C/windows-networking.xml:401(para)
434
msgid ""
435
"<emphasis>security = server:</emphasis> this mode is left over from before "
436
"Samba could become a member server, and due to some security issues should "
437
"not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
438
"HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section "
439
"of the Samba guide for more details."
272
msgid "<emphasis>security = server:</emphasis> this mode is left over from before Samba could become a member server, and due to some security issues should not be used. See the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/ServerType.html#id349531\">Server Security</ulink> section of the Samba guide for more details."
440
273
msgstr ""
441
274
442
275
#: serverguide/C/windows-networking.xml:409(para)
443
msgid ""
444
"<emphasis>security = share:</emphasis> allows clients to connect to shares "
445
"without supplying a username and password."
276
msgid "<emphasis>security = share:</emphasis> allows clients to connect to shares without supplying a username and password."
446
277
msgstr ""
447
278
448
279
#: serverguide/C/windows-networking.xml:416(para)
449
msgid ""
450
"The security mode you choose will depend on your environment and what you "
451
"need the Samba server to accomplish."
280
msgid "The security mode you choose will depend on your environment and what you need the Samba server to accomplish."
452
281
msgstr ""
453
282
454
283
#: serverguide/C/windows-networking.xml:422(title)
456
285
msgstr ""
457
286
458
287
#: serverguide/C/windows-networking.xml:424(para)
459
msgid ""
460
"This section will reconfigure the Samba file and print server, from <xref "
461
"linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to "
462
"require authentication."
288
msgid "This section will reconfigure the Samba file and print server, from <xref linkend=\"samba-fileserver\"/> and <xref linkend=\"samba-printserver\"/>, to require authentication."
463
289
msgstr ""
464
290
465
291
#: serverguide/C/windows-networking.xml:429(para)
466
msgid ""
467
"First, install the <application>libpam-smbpass</application> package which "
468
"will sync the system users to the Samba user database:"
292
msgid "First, install the <application>libpam-smbpass</application> package which will sync the system users to the Samba user database:"
469
293
msgstr ""
470
294
471
295
#: serverguide/C/windows-networking.xml:435(command)
473
297
msgstr ""
474
298
475
299
#: serverguide/C/windows-networking.xml:439(para)
476
msgid ""
477
"If you chose the <emphasis>Samba Server</emphasis> task during installation "
478
"<application>libpam-smbpass</application> is already installed."
300
msgid "If you chose the <emphasis>Samba Server</emphasis> task during installation <application>libpam-smbpass</application> is already installed."
479
301
msgstr ""
480
302
481
303
#: serverguide/C/windows-networking.xml:445(para)
482
msgid ""
483
"Edit <filename>/etc/samba/smb.conf</filename>, and in the "
484
"<emphasis>[share]</emphasis> section change:"
304
msgid "Edit <filename>/etc/samba/smb.conf</filename>, and in the <emphasis>[share]</emphasis> section change:"
485
305
msgstr ""
486
306
487
307
#: serverguide/C/windows-networking.xml:449(programlisting)
488
308
#, no-wrap
489
msgid ""
490
"\n"
491
" guest ok = no\n"
309
msgid "\n guest ok = no\n"
492
310
msgstr ""
493
311
494
312
#: serverguide/C/windows-networking.xml:453(para)
496
314
msgstr ""
497
315
498
316
#: serverguide/C/windows-networking.xml:461(para)
499
msgid ""
500
"Now when connecting to the shared directories or printers you should be "
501
"prompted for a username and password."
317
msgid "Now when connecting to the shared directories or printers you should be prompted for a username and password."
502
318
msgstr ""
503
319
504
320
#: serverguide/C/windows-networking.xml:466(para)
505
msgid ""
506
"If you choose to map a network drive to the share you can check the "
507
"<quote>Reconnect at Logon</quote> check box, which will require you to only "
508
"enter the username and password once, at least until the password changes."
321
msgid "If you choose to map a network drive to the share you can check the <quote>Reconnect at Logon</quote> check box, which will require you to only enter the username and password once, at least until the password changes."
509
322
msgstr ""
510
323
511
324
#: serverguide/C/windows-networking.xml:474(title)
513
326
msgstr ""
514
327
515
328
#: serverguide/C/windows-networking.xml:476(para)
516
msgid ""
517
"There are several options available to increase the security for each "
518
"individual shared directory. Using the <emphasis>[share]</emphasis> example, "
519
"this section will cover some common options."
329
msgid "There are several options available to increase the security for each individual shared directory. Using the <emphasis>[share]</emphasis> example, this section will cover some common options."
520
330
msgstr ""
521
331
522
332
#: serverguide/C/windows-networking.xml:482(title)
524
334
msgstr ""
525
335
526
336
#: serverguide/C/windows-networking.xml:484(para)
527
msgid ""
528
"Groups define a collection of computers or users which have a common level "
529
"of access to particular network resources and offer a level of granularity "
530
"in controlling access to such resources. For example, if a group <emphasis "
531
"role=\"italic\">qa</emphasis> is defined and contains the users <emphasis "
532
"role=\"italic\">freda</emphasis>, <emphasis "
533
"role=\"italic\">danika</emphasis>, and <emphasis "
534
"role=\"italic\">rob</emphasis> and a second group <emphasis "
535
"role=\"italic\">support</emphasis> is defined and consists of users "
536
"<emphasis role=\"italic\">danika</emphasis>, <emphasis "
537
"role=\"italic\">jeremy</emphasis>, and <emphasis "
538
"role=\"italic\">vincent</emphasis> then certain network resources configured "
539
"to allow access by the <emphasis role=\"italic\">qa</emphasis> group will "
540
"subsequently enable access by freda, danika, and rob, but not jeremy or "
541
"vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs "
542
"to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis "
543
"role=\"italic\">support</emphasis> groups, she will be able to access "
544
"resources configured for access by both groups, whereas all other users will "
545
"have only access to resources explicitly allowing the group they are part of."
337
msgid "Groups define a collection of computers or users which have a common level of access to particular network resources and offer a level of granularity in controlling access to such resources. For example, if a group <emphasis role=\"italic\">qa</emphasis> is defined and contains the users <emphasis role=\"italic\">freda</emphasis>, <emphasis role=\"italic\">danika</emphasis>, and <emphasis role=\"italic\">rob</emphasis> and a second group <emphasis role=\"italic\">support</emphasis> is defined and consists of users <emphasis role=\"italic\">danika</emphasis>, <emphasis role=\"italic\">jeremy</emphasis>, and <emphasis role=\"italic\">vincent</emphasis> then certain network resources configured to allow access by the <emphasis role=\"italic\">qa</emphasis> group will subsequently enable access by freda, danika, and rob, but not jeremy or vincent. Since the user <emphasis role=\"italic\">danika</emphasis> belongs to both the <emphasis role=\"italic\">qa</emphasis> and <emphasis role=\"italic\">support</emphasis> groups, she will be able to access resources configured for access by both groups, whereas all other users will have only access to resources explicitly allowing the group they are part of."
546
338
msgstr ""
547
339
548
340
#: serverguide/C/windows-networking.xml:498(para)
549
msgid ""
550
"By default Samba looks for the local system groups defined in "
551
"<filename>/etc/group</filename> to determine which users belong to which "
552
"groups. For more information on adding and removing users from groups see "
553
"<xref linkend=\"adding-deleting-users\"/>."
341
msgid "By default Samba looks for the local system groups defined in <filename>/etc/group</filename> to determine which users belong to which groups. For more information on adding and removing users from groups see <xref linkend=\"adding-deleting-users\"/>."
554
342
msgstr ""
555
343
556
344
#: serverguide/C/windows-networking.xml:504(para)
557
msgid ""
558
"When defining groups in the Samba configuration file, "
559
"<filename>/etc/samba/smb.conf</filename>, the recognized syntax is to "
560
"preface the group name with an \"@\" symbol. For example, if you wished to "
561
"define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a "
562
"certain section of the <filename>/etc/samba/smb.conf</filename>, you would "
563
"do so by entering the group name as <emphasis "
564
"role=\"bold\">@sysadmin</emphasis>."
345
msgid "When defining groups in the Samba configuration file, <filename>/etc/samba/smb.conf</filename>, the recognized syntax is to preface the group name with an \"@\" symbol. For example, if you wished to define a group named <emphasis role=\"italic\">sysadmin</emphasis> in a certain section of the <filename>/etc/samba/smb.conf</filename>, you would do so by entering the group name as <emphasis role=\"bold\">@sysadmin</emphasis>."
565
346
msgstr ""
566
347
567
348
#: serverguide/C/windows-networking.xml:513(title)
569
350
msgstr ""
570
351
571
352
#: serverguide/C/windows-networking.xml:515(para)
572
msgid ""
573
"File Permissions define the explicit rights a computer or user has to a "
574
"particular directory, file, or set of files. Such permissions may be defined "
575
"by editing the <filename>/etc/samba/smb.conf</filename> file and specifying "
576
"the explicit permissions of a defined file share."
353
msgid "File Permissions define the explicit rights a computer or user has to a particular directory, file, or set of files. Such permissions may be defined by editing the <filename>/etc/samba/smb.conf</filename> file and specifying the explicit permissions of a defined file share."
577
354
msgstr ""
578
355
579
356
#: serverguide/C/windows-networking.xml:521(para)
580
msgid ""
581
"For example, if you have defined a Samba share called "
582
"<emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-"
583
"only</emphasis> permissions to the group of users known as <emphasis "
584
"role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by "
585
"the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user "
586
"named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the "
587
"<filename>/etc/samba/smb.conf</filename> file, and add the following entries "
588
"under the <emphasis>[share]</emphasis> entry:"
357
msgid "For example, if you have defined a Samba share called <emphasis>share</emphasis> and wish to give <emphasis role=\"italic\">read-only</emphasis> permissions to the group of users known as <emphasis role=\"italic\">qa</emphasis>, but wanted to allow writing to the share by the group called <emphasis role=\"italic\">sysadmin</emphasis> and the user named <emphasis role=\"italic\">vincent</emphasis>, then you could edit the <filename>/etc/samba/smb.conf</filename> file, and add the following entries under the <emphasis>[share]</emphasis> entry:"
589
358
msgstr ""
590
359
591
360
#: serverguide/C/windows-networking.xml:530(programlisting)
592
361
#, no-wrap
593
msgid ""
594
"\n"
595
" read list = @qa\n"
596
" write list = @sysadmin, vincent\n"
362
msgid "\n read list = @qa\n write list = @sysadmin, vincent\n"
597
363
msgstr ""
598
364
599
365
#: serverguide/C/windows-networking.xml:535(para)
600
msgid ""
601
"Another possible Samba permission is to declare "
602
"<emphasis>administrative</emphasis> permissions to a particular shared "
603
"resource. Users having administrative permissions may read, write, or modify "
604
"any information contained in the resource the user has been given explicit "
605
"administrative permissions to."
366
msgid "Another possible Samba permission is to declare <emphasis>administrative</emphasis> permissions to a particular shared resource. Users having administrative permissions may read, write, or modify any information contained in the resource the user has been given explicit administrative permissions to."
606
367
msgstr ""
607
368
608
369
#: serverguide/C/windows-networking.xml:541(para)
609
msgid ""
610
"For example, if you wanted to give the user <emphasis "
611
"role=\"italic\">melissa</emphasis> administrative permissions to the "
612
"<emphasis role=\"italic\">share</emphasis> example, you would edit the "
613
"<filename>/etc/samba/smb.conf</filename> file, and add the following line "
614
"under the <emphasis>[share]</emphasis> entry:"
370
msgid "For example, if you wanted to give the user <emphasis role=\"italic\">melissa</emphasis> administrative permissions to the <emphasis role=\"italic\">share</emphasis> example, you would edit the <filename>/etc/samba/smb.conf</filename> file, and add the following line under the <emphasis>[share]</emphasis> entry:"
615
371
msgstr ""
616
372
617
373
#: serverguide/C/windows-networking.xml:548(programlisting)
618
374
#, no-wrap
619
msgid ""
620
"\n"
621
" admin users = melissa\n"
375
msgid "\n admin users = melissa\n"
622
376
msgstr ""
623
377
624
378
#: serverguide/C/windows-networking.xml:552(para)
625
msgid ""
626
"After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for "
627
"the changes to take effect:"
379
msgid "After editing <filename>/etc/samba/smb.conf</filename>, restart Samba for the changes to take effect:"
628
380
msgstr ""
629
381
630
382
#: serverguide/C/windows-networking.xml:561(para)
631
msgid ""
632
"For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> "
633
"to work the Samba security mode must <emphasis>not</emphasis> be set to "
634
"<emphasis role=\"italic\">security = share</emphasis>"
383
msgid "For the <emphasis>read list</emphasis> and <emphasis>write list</emphasis> to work the Samba security mode must <emphasis>not</emphasis> be set to <emphasis role=\"italic\">security = share</emphasis>"
635
384
msgstr ""
636
385
637
386
#: serverguide/C/windows-networking.xml:567(para)
638
msgid ""
639
"Now that Samba has been configured to limit which groups have access to the "
640
"shared directory, the filesystem permissions need to be updated."
387
msgid "Now that Samba has been configured to limit which groups have access to the shared directory, the filesystem permissions need to be updated."
641
388
msgstr ""
642
389
643
390
#: serverguide/C/windows-networking.xml:572(para)
644
msgid ""
645
"Traditional Linux file permissions do not map well to Windows NT Access "
646
"Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers "
647
"providing more fine grained control. For example, to enable ACLs on "
648
"<filename>/srv</filename> an EXT3 filesystem, edit "
649
"<filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
391
msgid "Traditional Linux file permissions do not map well to Windows NT Access Control Lists (ACLs). Fortunately POSIX ACLs are available on Ubuntu servers providing more fine grained control. For example, to enable ACLs on <filename>/srv</filename> an EXT3 filesystem, edit <filename>/etc/fstab</filename> adding the <emphasis>acl</emphasis> option:"
650
392
msgstr ""
651
393
652
394
#: serverguide/C/windows-networking.xml:579(programlisting)
653
395
#, no-wrap
654
msgid ""
655
"\n"
656
"UUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl "
657
"0 1\n"
396
msgid "\nUUID=66bcdd2e-8861-4fb0-b7e4-e61c569fe17d /srv ext3 noatime,relatime,acl 0 1\n"
658
397
msgstr ""
659
398
660
399
#: serverguide/C/windows-networking.xml:583(para)
666
405
msgstr ""
667
406
668
407
#: serverguide/C/windows-networking.xml:592(para)
669
msgid ""
670
"The above example assumes <filename>/srv</filename> on a separate partition. "
671
"If <filename>/srv</filename>, or wherever you have configured your share "
672
"path, is part of the <filename>/</filename> partition a reboot may be "
673
"required."
408
msgid "The above example assumes <filename>/srv</filename> on a separate partition. If <filename>/srv</filename>, or wherever you have configured your share path, is part of the <filename>/</filename> partition a reboot may be required."
674
409
msgstr ""
675
410
676
411
#: serverguide/C/windows-networking.xml:599(para)
677
msgid ""
678
"To match the Samba configuration above the <emphasis>sysadmin</emphasis> "
679
"group will be given read, write, and execute permissions to "
680
"<filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group "
681
"will be given read and execute permissions, and the files will be owned by "
682
"the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
412
msgid "To match the Samba configuration above the <emphasis>sysadmin</emphasis> group will be given read, write, and execute permissions to <filename>/srv/samba/share</filename>, the <emphasis>qa</emphasis> group will be given read and execute permissions, and the files will be owned by the username <emphasis>melissa</emphasis>. Enter the following in a terminal:"
683
413
msgstr ""
684
414
685
415
#: serverguide/C/windows-networking.xml:607(command)
695
425
msgstr ""
696
426
697
427
#: serverguide/C/windows-networking.xml:613(para)
698
msgid ""
699
"The <application>setfacl</application> command above gives "
700
"<emphasis>execute</emphasis> permissions to all files in the "
701
"<filename>/srv/samba/share</filename> directory, which you may or may not "
702
"want."
428
msgid "The <application>setfacl</application> command above gives <emphasis>execute</emphasis> permissions to all files in the <filename>/srv/samba/share</filename> directory, which you may or may not want."
703
429
msgstr ""
704
430
705
431
#: serverguide/C/windows-networking.xml:619(para)
706
msgid ""
707
"Now from a Windows client you should notice the new file permissions are "
708
"implemented. See the <application>acl</application> and "
709
"<application>setfacl</application> man pages for more information on POSIX "
710
"ACLs."
432
msgid "Now from a Windows client you should notice the new file permissions are implemented. See the <application>acl</application> and <application>setfacl</application> man pages for more information on POSIX ACLs."
711
433
msgstr ""
712
434
713
435
#: serverguide/C/windows-networking.xml:627(title)
715
437
msgstr ""
716
438
717
439
#: serverguide/C/windows-networking.xml:629(para)
718
msgid ""
719
"Ubuntu comes with the <application>AppArmor</application> security module, "
720
"which provides mandatory access controls. The default AppArmor profile for "
721
"Samba will need to be adapted to your configuration. For more details on "
722
"using AppArmor see <xref linkend=\"apparmor\"/>."
440
msgid "Ubuntu comes with the <application>AppArmor</application> security module, which provides mandatory access controls. The default AppArmor profile for Samba will need to be adapted to your configuration. For more details on using AppArmor see <xref linkend=\"apparmor\"/>."
723
441
msgstr ""
724
442
725
443
#: serverguide/C/windows-networking.xml:635(para)
726
msgid ""
727
"There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> "
728
"and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part "
729
"of the <application>apparmor-profiles</application> packages. To install the "
730
"package, from a terminal prompt enter:"
444
msgid "There are default AppArmor profiles for <filename>/usr/sbin/smbd</filename> and <filename>/usr/sbin/nmbd</filename>, the Samba daemon binaries, as part of the <application>apparmor-profiles</application> packages. To install the package, from a terminal prompt enter:"
731
445
msgstr ""
732
446
733
447
#: serverguide/C/windows-networking.xml:642(command) serverguide/C/security.xml:978(command)
739
453
msgstr ""
740
454
741
455
#: serverguide/C/windows-networking.xml:651(para)
742
msgid ""
743
"By default the profiles for <application>smbd</application> and "
744
"<application>nmbd</application> are in <emphasis>complain</emphasis> mode "
745
"allowing Samba to work without modifying the profile, and only logging "
746
"errors. To place the <application>smbd</application> profile into "
747
"<emphasis>enforce</emphasis> mode, and have Samba work as expected, the "
748
"profile will need to be modified to reflect any directories that are shared."
456
msgid "By default the profiles for <application>smbd</application> and <application>nmbd</application> are in <emphasis>complain</emphasis> mode allowing Samba to work without modifying the profile, and only logging errors. To place the <application>smbd</application> profile into <emphasis>enforce</emphasis> mode, and have Samba work as expected, the profile will need to be modified to reflect any directories that are shared."
749
457
msgstr ""
750
458
751
459
#: serverguide/C/windows-networking.xml:658(para)
752
msgid ""
753
"Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information "
754
"for <emphasis>[share]</emphasis> from the file server example:"
460
msgid "Edit <filename>/etc/apparmor.d/usr.sbin.smbd</filename> adding information for <emphasis>[share]</emphasis> from the file server example:"
755
461
msgstr ""
756
462
757
463
#: serverguide/C/windows-networking.xml:663(programlisting)
758
464
#, no-wrap
759
msgid ""
760
"\n"
761
" /srv/samba/share/ r,\n"
762
" /srv/samba/share/** rwkix,\n"
465
msgid "\n /srv/samba/share/ r,\n /srv/samba/share/** rwkix,\n"
763
466
msgstr ""
764
467
765
468
#: serverguide/C/windows-networking.xml:668(para)
766
msgid ""
767
"Now place the profile into <emphasis>enforce</emphasis> and reload it:"
469
msgid "Now place the profile into <emphasis>enforce</emphasis> and reload it:"
768
470
msgstr ""
769
471
770
472
#: serverguide/C/windows-networking.xml:673(command)
776
478
msgstr ""
777
479
778
480
#: serverguide/C/windows-networking.xml:677(para)
779
msgid ""
780
"You should now be able to read, write, and execute files in the shared "
781
"directory as normal, and the <application>smbd</application> binary will "
782
"have access to only the configured files and directories. Be sure to add "
783
"entries for each directory you configure Samba to share. Also, any errors "
784
"will be logged to <filename>/var/log/syslog</filename>."
481
msgid "You should now be able to read, write, and execute files in the shared directory as normal, and the <application>smbd</application> binary will have access to only the configured files and directories. Be sure to add entries for each directory you configure Samba to share. Also, any errors will be logged to <filename>/var/log/syslog</filename>."
785
482
msgstr ""
786
483
787
484
#: serverguide/C/windows-networking.xml:702(para) serverguide/C/windows-networking.xml:1067(para)
788
msgid ""
789
"O'Reilly's <ulink "
790
"url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is "
791
"also a good reference."
485
msgid "O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/9780596007690/\">Using Samba</ulink> is also a good reference."
792
486
msgstr ""
793
487
794
488
#: serverguide/C/windows-networking.xml:708(para)
795
msgid ""
796
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-"
797
"samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to "
798
"security."
489
msgid "<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/securing-samba.html\">Chapter 18</ulink> of the Samba HOWTO Collection is devoted to security."
799
490
msgstr ""
800
491
801
492
#: serverguide/C/windows-networking.xml:714(para)
802
msgid ""
803
"For more information on Samba and ACLs see the <ulink "
804
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-"
805
"Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
493
msgid "For more information on Samba and ACLs see the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id397568\">Samba ACLs page </ulink>."
806
494
msgstr ""
807
495
808
496
#: serverguide/C/windows-networking.xml:725(title)
810
498
msgstr ""
811
499
812
500
#: serverguide/C/windows-networking.xml:727(para)
813
msgid ""
814
"Although it cannot act as an Active Directory Primary Domain Controller "
815
"(PDC), a Samba server can be configured to appear as a Windows NT4-style "
816
"domain controller. A major advantage of this configuration is the ability to "
817
"centralize user and machine credentials. Samba can also use multiple "
818
"backends to store the user information."
501
msgid "Although it cannot act as an Active Directory Primary Domain Controller (PDC), a Samba server can be configured to appear as a Windows NT4-style domain controller. A major advantage of this configuration is the ability to centralize user and machine credentials. Samba can also use multiple backends to store the user information."
819
502
msgstr ""
820
503
821
504
#: serverguide/C/windows-networking.xml:734(title)
823
506
msgstr ""
824
507
825
508
#: serverguide/C/windows-networking.xml:736(para)
826
msgid ""
827
"This section covers configuring Samba as a Primary Domain Controller (PDC) "
828
"using the default smbpasswd backend."
509
msgid "This section covers configuring Samba as a Primary Domain Controller (PDC) using the default smbpasswd backend."
829
510
msgstr ""
830
511
831
512
#: serverguide/C/windows-networking.xml:743(para)
832
msgid ""
833
"First, install Samba, and <application>libpam-smbpass</application> to sync "
834
"the user accounts, by entering the following in a terminal prompt:"
513
msgid "First, install Samba, and <application>libpam-smbpass</application> to sync the user accounts, by entering the following in a terminal prompt:"
835
514
msgstr ""
836
515
837
516
#: serverguide/C/windows-networking.xml:749(command) serverguide/C/windows-networking.xml:965(command)
839
518
msgstr ""
840
519
841
520
#: serverguide/C/windows-networking.xml:755(para)
842
msgid ""
843
"Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. "
844
"The <emphasis>security</emphasis> mode should be set to <emphasis "
845
"role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> "
846
"should relate to your organization:"
521
msgid "Next, configure Samba by editing <filename>/etc/samba/smb.conf</filename>. The <emphasis>security</emphasis> mode should be set to <emphasis role=\"italic\">user</emphasis>, and the <emphasis>workgroup</emphasis> should relate to your organization:"
847
522
msgstr ""
848
523
849
524
#: serverguide/C/windows-networking.xml:770(para)
850
msgid ""
851
"In the commented <quote>Domains</quote> section add or uncomment the "
852
"following:"
525
msgid "In the commented <quote>Domains</quote> section add or uncomment the following:"
853
526
msgstr ""
854
527
855
528
#: serverguide/C/windows-networking.xml:774(programlisting)
856
529
#, no-wrap
857
msgid ""
858
"\n"
859
" domain logons = yes\n"
860
" logon path = \\\\%N\\%U\\profile\n"
861
" logon drive = H:\n"
862
" logon home = \\\\%N\\%U\n"
863
" logon script = logon.cmd\n"
864
" add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d "
865
"/var/lib/samba -s /bin/false %u\n"
530
msgid "\n domain logons = yes\n logon path = \\\\%N\\%U\\profile\n logon drive = H:\n logon home = \\\\%N\\%U\n logon script = logon.cmd\n add machine script = sudo /usr/sbin/useradd -N -g machines -c Machine -d /var/lib/samba -s /bin/false %u\n"
866
531
msgstr ""
867
532
868
533
#: serverguide/C/windows-networking.xml:785(para)
869
msgid ""
870
"<emphasis>domain logons:</emphasis> provides the netlogon service causing "
871
"Samba to act as a domain controller."
534
msgid "<emphasis>domain logons:</emphasis> provides the netlogon service causing Samba to act as a domain controller."
872
535
msgstr ""
873
536
874
537
#: serverguide/C/windows-networking.xml:790(para)
875
msgid ""
876
"<emphasis>logon path:</emphasis> places the user's Windows profile into "
877
"their home directory. It is also possible to configure a "
878
"<emphasis>[profiles]</emphasis> share placing all profiles under a single "
879
"directory."
538
msgid "<emphasis>logon path:</emphasis> places the user's Windows profile into their home directory. It is also possible to configure a <emphasis>[profiles]</emphasis> share placing all profiles under a single directory."
880
539
msgstr ""
881
540
882
541
#: serverguide/C/windows-networking.xml:796(para)
883
msgid ""
884
"<emphasis>logon drive:</emphasis> specifies the home directory local path."
542
msgid "<emphasis>logon drive:</emphasis> specifies the home directory local path."
885
543
msgstr ""
886
544
887
545
#: serverguide/C/windows-networking.xml:801(para)
888
msgid ""
889
"<emphasis>logon home:</emphasis> specifies the home directory location."
546
msgid "<emphasis>logon home:</emphasis> specifies the home directory location."
890
547
msgstr ""
891
548
892
549
#: serverguide/C/windows-networking.xml:806(para)
893
msgid ""
894
"<emphasis>logon script:</emphasis> determines the script to be run locally "
895
"once a user has logged in. The script needs to be placed in the "
896
"<emphasis>[netlogon]</emphasis> share."
550
msgid "<emphasis>logon script:</emphasis> determines the script to be run locally once a user has logged in. The script needs to be placed in the <emphasis>[netlogon]</emphasis> share."
897
551
msgstr ""
898
552
899
553
#: serverguide/C/windows-networking.xml:812(para)
900
msgid ""
901
"<emphasis>add machine script:</emphasis> a script that will automatically "
902
"create the <emphasis>Machine Trust Account</emphasis> needed for a "
903
"workstation to join the domain."
554
msgid "<emphasis>add machine script:</emphasis> a script that will automatically create the <emphasis>Machine Trust Account</emphasis> needed for a workstation to join the domain."
904
555
msgstr ""
905
556
906
557
#: serverguide/C/windows-networking.xml:816(para)
907
msgid ""
908
"In this example the <emphasis>machines</emphasis> group will need to be "
909
"created using the <application>addgroup</application> utility see <xref "
910
"linkend=\"adding-deleting-users\"/> for details."
558
msgid "In this example the <emphasis>machines</emphasis> group will need to be created using the <application>addgroup</application> utility see <xref linkend=\"adding-deleting-users\"/> for details."
911
559
msgstr ""
912
560
913
561
#: serverguide/C/windows-networking.xml:824(para)
914
msgid ""
915
"If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the "
916
"<emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options "
917
"commented."
562
msgid "If you wish to not use <emphasis>Roaming Profiles</emphasis> leave the <emphasis>logon home</emphasis> and <emphasis>logon path</emphasis> options commented."
918
563
msgstr ""
919
564
920
565
#: serverguide/C/windows-networking.xml:833(para)
921
msgid ""
922
"Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis "
923
"role=\"italic\">logon home</emphasis> to be mapped:"
566
msgid "Uncomment the <emphasis>[homes]</emphasis> share to allow the <emphasis role=\"italic\">logon home</emphasis> to be mapped:"
924
567
msgstr ""
925
568
926
569
#: serverguide/C/windows-networking.xml:838(programlisting)
927
570
#, no-wrap
928
msgid ""
929
"\n"
930
"[homes]\n"
931
" comment = Home Directories\n"
932
" browseable = no\n"
933
" read only = no\n"
934
" create mask = 0700\n"
935
" directory mask = 0700\n"
936
" valid users = %S\n"
571
msgid "\n[homes]\n comment = Home Directories\n browseable = no\n read only = no\n create mask = 0700\n directory mask = 0700\n valid users = %S\n"
937
572
msgstr ""
938
573
939
574
#: serverguide/C/windows-networking.xml:851(para)
940
msgid ""
941
"When configured as a domain controller a <emphasis>[netlogon]</emphasis> "
942
"share needs to be configured. To enable the share, uncomment:"
575
msgid "When configured as a domain controller a <emphasis>[netlogon]</emphasis> share needs to be configured. To enable the share, uncomment:"
943
576
msgstr ""
944
577
945
578
#: serverguide/C/windows-networking.xml:856(programlisting)
946
579
#, no-wrap
947
msgid ""
948
"\n"
949
"[netlogon]\n"
950
" comment = Network Logon Service\n"
951
" path = /srv/samba/netlogon\n"
952
" guest ok = yes\n"
953
" read only = yes\n"
954
" share modes = no\n"
580
msgid "\n[netlogon]\n comment = Network Logon Service\n path = /srv/samba/netlogon\n guest ok = yes\n read only = yes\n share modes = no\n"
955
581
msgstr ""
956
582
957
583
#: serverguide/C/windows-networking.xml:866(para)
958
msgid ""
959
"The original <emphasis>netlogon</emphasis> share path is "
960
"<filename>/home/samba/netlogon</filename>, but according to the Filesystem "
961
"Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-"
962
"2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct "
963
"location for site-specific data provided by the system."
584
msgid "The original <emphasis>netlogon</emphasis> share path is <filename>/home/samba/netlogon</filename>, but according to the Filesystem Hierarchy Standard (FHS), <ulink url=\"http://www.pathname.com/fhs/pub/fhs-2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM\">/srv</ulink> is the correct location for site-specific data provided by the system."
964
585
msgstr ""
965
586
966
587
#: serverguide/C/windows-networking.xml:877(para)
967
msgid ""
968
"Now create the <filename role=\"directory\">netlogon</filename> directory, "
969
"and an empty (for now) <filename>logon.cmd</filename> script file:"
588
msgid "Now create the <filename role=\"directory\">netlogon</filename> directory, and an empty (for now) <filename>logon.cmd</filename> script file:"
970
589
msgstr ""
971
590
972
591
#: serverguide/C/windows-networking.xml:883(command)
978
597
msgstr ""
979
598
980
599
#: serverguide/C/windows-networking.xml:887(para)
981
msgid ""
982
"You can enter any normal Windows logon script commands in "
983
"<filename>logon.cmd</filename> to customize the client's environment."
600
msgid "You can enter any normal Windows logon script commands in <filename>logon.cmd</filename> to customize the client's environment."
984
601
msgstr ""
985
602
986
603
#: serverguide/C/windows-networking.xml:895(para)
987
msgid ""
988
"With <emphasis>root</emphasis> being disabled by default, in order to join a "
989
"workstation to the domain, a system group needs to be mapped to the Windows "
990
"<emphasis>Domain Admins</emphasis> group. Using the "
991
"<application>net</application> utility, from a terminal enter:"
604
msgid "With <emphasis>root</emphasis> being disabled by default, in order to join a workstation to the domain, a system group needs to be mapped to the Windows <emphasis>Domain Admins</emphasis> group. Using the <application>net</application> utility, from a terminal enter:"
992
605
msgstr ""
993
606
994
607
#: serverguide/C/windows-networking.xml:902(command)
995
msgid ""
996
"sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 "
997
"type=d"
608
msgid "sudo net groupmap add ntgroup=\"Domain Admins\" unixgroup=sysadmin rid=512 type=d"
998
609
msgstr ""
999
610
1000
611
#: serverguide/C/windows-networking.xml:906(para)
1001
msgid ""
1002
"Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you "
1003
"prefer. Also, the user used to join the domain needs to be a member of the "
1004
"<emphasis>sysadmin</emphasis> group, as well as a member of the system "
1005
"<emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group "
1006
"allows <application>sudo</application> use."
612
msgid "Change <emphasis role=\"italic\">sysadmin</emphasis> to whichever group you prefer. Also, the user used to join the domain needs to be a member of the <emphasis>sysadmin</emphasis> group, as well as a member of the system <emphasis>admin</emphasis> group. The <emphasis>admin</emphasis> group allows <application>sudo</application> use."
1007
613
msgstr ""
1008
614
1009
615
#: serverguide/C/windows-networking.xml:917(para)
1011
617
msgstr ""
1012
618
1013
619
#: serverguide/C/windows-networking.xml:928(para)
1014
msgid ""
1015
"You should now be able to join Windows clients to the Domain in the same "
1016
"manner as joining them to an NT4 domain running on a Windows server."
620
msgid "You should now be able to join Windows clients to the Domain in the same manner as joining them to an NT4 domain running on a Windows server."
1017
621
msgstr ""
1018
622
1019
623
#: serverguide/C/windows-networking.xml:938(title)
1021
625
msgstr ""
1022
626
1023
627
#: serverguide/C/windows-networking.xml:940(para)
1024
msgid ""
1025
"With a Primary Domain Controller (PDC) on the network it is best to have a "
1026
"Backup Domain Controller (BDC) as well. This will allow clients to "
1027
"authenticate in case the PDC becomes unavailable."
628
msgid "With a Primary Domain Controller (PDC) on the network it is best to have a Backup Domain Controller (BDC) as well. This will allow clients to authenticate in case the PDC becomes unavailable."
1028
629
msgstr ""
1029
630
1030
631
#: serverguide/C/windows-networking.xml:945(para)
1031
msgid ""
1032
"When configuring Samba as a BDC you need a way to sync account information "
1033
"with the PDC. There are multiple ways of accomplishing this "
1034
"<application>scp</application>, <application>rsync</application>, or by "
1035
"using <application>LDAP</application> as the <emphasis>passdb "
1036
"backend</emphasis>."
632
msgid "When configuring Samba as a BDC you need a way to sync account information with the PDC. There are multiple ways of accomplishing this <application>scp</application>, <application>rsync</application>, or by using <application>LDAP</application> as the <emphasis>passdb backend</emphasis>."
1037
633
msgstr ""
1038
634
1039
635
#: serverguide/C/windows-networking.xml:951(para)
1040
msgid ""
1041
"Using LDAP is the most robust way to sync account information, because both "
1042
"domain controllers can use the same information in real time. However, "
1043
"setting up a LDAP server may be overly complicated for a small number of "
1044
"user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
636
msgid "Using LDAP is the most robust way to sync account information, because both domain controllers can use the same information in real time. However, setting up a LDAP server may be overly complicated for a small number of user and computer accounts. See <xref linkend=\"samba-ldap\"/> for details."
1045
637
msgstr ""
1046
638
1047
639
#: serverguide/C/windows-networking.xml:960(para)
1048
msgid ""
1049
"First, install <application>samba</application> and <application>libpam-"
1050
"smbpass</application>. From a terminal enter:"
640
msgid "First, install <application>samba</application> and <application>libpam-smbpass</application>. From a terminal enter:"
1051
641
msgstr ""
1052
642
1053
643
#: serverguide/C/windows-networking.xml:971(para)
1054
msgid ""
1055
"Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the "
1056
"following in the <emphasis>[global]</emphasis>:"
644
msgid "Now, edit <filename>/etc/samba/smb.conf</filename> and uncomment the following in the <emphasis>[global]</emphasis>:"
1057
645
msgstr ""
1058
646
1059
647
#: serverguide/C/windows-networking.xml:984(para)
1062
650
1063
651
#: serverguide/C/windows-networking.xml:988(programlisting)
1064
652
#, no-wrap
1065
msgid ""
1066
"\n"
1067
" domain logons = yes\n"
1068
" domain master = no\n"
653
msgid "\n domain logons = yes\n domain master = no\n"
1069
654
msgstr ""
1070
655
1071
656
#: serverguide/C/windows-networking.xml:996(para)
1072
msgid ""
1073
"Make sure a user has rights to read the files in "
1074
"<filename>/var/lib/samba</filename>. For example, to allow users in the "
1075
"<emphasis>admin</emphasis> group to <application>scp</application> the "
1076
"files, enter:"
657
msgid "Make sure a user has rights to read the files in <filename>/var/lib/samba</filename>. For example, to allow users in the <emphasis>admin</emphasis> group to <application>scp</application> the files, enter:"
1077
658
msgstr ""
1078
659
1079
660
#: serverguide/C/windows-networking.xml:1002(command)
1081
662
msgstr ""
1082
663
1083
664
#: serverguide/C/windows-networking.xml:1008(para)
1084
msgid ""
1085
"Next, sync the user accounts, using <application>scp</application> to copy "
1086
"the <filename>/var/lib/samba</filename> directory from the PDC:"
665
msgid "Next, sync the user accounts, using <application>scp</application> to copy the <filename>/var/lib/samba</filename> directory from the PDC:"
1087
666
msgstr ""
1088
667
1089
668
#: serverguide/C/windows-networking.xml:1014(command)
1091
670
msgstr ""
1092
671
1093
672
#: serverguide/C/windows-networking.xml:1018(para)
1094
msgid ""
1095
"Replace <emphasis>username</emphasis> with a valid username and "
1096
"<emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
673
msgid "Replace <emphasis>username</emphasis> with a valid username and <emphasis>pdc</emphasis> with the hostname or IP Address of your actual PDC."
1097
674
msgstr ""
1098
675
1099
676
#: serverguide/C/windows-networking.xml:1027(para)
1101
678
msgstr ""
1102
679
1103
680
#: serverguide/C/windows-networking.xml:1038(para)
1104
msgid ""
1105
"You can test that your Backup Domain controller is working by stopping the "
1106
"Samba daemon on the PDC, then trying to login to a Windows client joined to "
1107
"the domain."
681
msgid "You can test that your Backup Domain controller is working by stopping the Samba daemon on the PDC, then trying to login to a Windows client joined to the domain."
1108
682
msgstr ""
1109
683
1110
684
#: serverguide/C/windows-networking.xml:1043(para)
1111
msgid ""
1112
"Another thing to keep in mind is if you have configured the <emphasis>logon "
1113
"home</emphasis> option as a directory on the PDC, and the PDC becomes "
1114
"unavailable, access to the user's <emphasis>Home</emphasis> drive will also "
1115
"be unavailable. For this reason it is best to configure the <emphasis>logon "
1116
"home</emphasis> to reside on a separate file server from the PDC and BDC."
685
msgid "Another thing to keep in mind is if you have configured the <emphasis>logon home</emphasis> option as a directory on the PDC, and the PDC becomes unavailable, access to the user's <emphasis>Home</emphasis> drive will also be unavailable. For this reason it is best to configure the <emphasis>logon home</emphasis> to reside on a separate file server from the PDC and BDC."
1117
686
msgstr ""
1118
687
1119
688
#: serverguide/C/windows-networking.xml:1073(para)
1120
msgid ""
1121
"<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-"
1122
"pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting "
1123
"up a Primary Domain Controller."
689
msgid "<ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html\">Chapter 4</ulink> of the Samba HOWTO Collection explains setting up a Primary Domain Controller."
1124
690
msgstr ""
1125
691
1126
692
#: serverguide/C/windows-networking.xml:1079(para)
1127
msgid ""
1128
"<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-"
1129
"Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection "
1130
"explains setting up a Backup Domain Controller."
693
msgid "<ulink url=\"http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html\">Chapter 5</ulink> of the Samba HOWTO Collection explains setting up a Backup Domain Controller."
1131
694
msgstr ""
1132
695
1133
696
#: serverguide/C/windows-networking.xml:1089(title)
1139
702
msgstr ""
1140
703
1141
704
#: serverguide/C/windows-networking.xml:1094(para)
1142
msgid ""
1143
"Another, use for Samba is to integrate into an existing Windows network. "
1144
"Once part of an Active Directory domain, Samba can provide file and print "
1145
"services to AD users."
705
msgid "Another, use for Samba is to integrate into an existing Windows network. Once part of an Active Directory domain, Samba can provide file and print services to AD users."
1146
706
msgstr ""
1147
707
1148
708
#: serverguide/C/windows-networking.xml:1099(para)
1149
msgid ""
1150
"The simplest way to join an AD domain is to use <application>Likewise-"
1151
"open</application>. For detailed instructions see <xref linkend=\"likewise-"
1152
"open\"/>."
709
msgid "The simplest way to join an AD domain is to use <application>Likewise-open</application>. For detailed instructions see <xref linkend=\"likewise-open\"/>."
1153
710
msgstr ""
1154
711
1155
712
#: serverguide/C/windows-networking.xml:1104(para)
1156
msgid "Once part of the domain, install the following packages:"
713
msgid "Once part of the domain, enter the following command in the terminal prompt:"
1157
714
msgstr ""
1158
715
1159
716
#: serverguide/C/windows-networking.xml:1109(command)
1161
718
msgstr ""
1162
719
1163
720
#: serverguide/C/windows-networking.xml:1112(para)
1164
msgid ""
1165
"Since the <application>likewise-open</application> and "
1166
"<application>samba</application> packages use separate "
1167
"<filename>secrets.tdb</filename> files, a symlink will need to be created in "
1168
"<filename role=\"directory\">/var/lib/samba</filename>:"
721
msgid "Since the <application>likewise-open</application> and <application>samba</application> packages use separate <filename>secrets.tdb</filename> files, a symlink will need to be created in <filename role=\"directory\">/var/lib/samba</filename>:"
1169
722
msgstr ""
1170
723
1171
724
#: serverguide/C/windows-networking.xml:1118(command)
1182
735
1183
736
#: serverguide/C/windows-networking.xml:1126(programlisting)
1184
737
#, no-wrap
1185
msgid ""
1186
"\n"
1187
" workgroup = EXAMPLE\n"
1188
" ...\n"
1189
" security = ads\n"
1190
" realm = EXAMPLE.COM\n"
1191
" ...\n"
1192
" idmap backend = lwopen\n"
1193
" idmap uid = 50-9999999999\n"
1194
" idmap gid = 50-9999999999\n"
738
msgid "\n workgroup = EXAMPLE\n ...\n security = ads\n realm = EXAMPLE.COM\n ...\n idmap backend = lwopen\n idmap uid = 50-9999999999\n idmap gid = 50-9999999999\n"
1195
739
msgstr ""
1196
740
1197
741
#: serverguide/C/windows-networking.xml:1137(para)
1198
msgid ""
1199
"Restart <application>samba</application> for the new settings to take effect:"
742
msgid "Restart <application>samba</application> for the new settings to take effect:"
1200
743
msgstr ""
1201
744
1202
745
#: serverguide/C/windows-networking.xml:1145(para)
1203
msgid ""
1204
"You should now be able to access any <application>Samba</application> shares "
1205
"from a Windows client. However, be sure to give the appropriate AD users or "
1206
"groups access to the share directory. See <xref linkend=\"samba-fileprint-"
1207
"security\"/> for more details."
746
msgid "You should now be able to access any <application>Samba</application> shares from a Windows client. However, be sure to give the appropriate AD users or groups access to the share directory. See <xref linkend=\"samba-fileprint-security\"/> for more details."
1208
747
msgstr ""
1209
748
1210
749
#: serverguide/C/windows-networking.xml:1153(title)
1212
751
msgstr ""
1213
752
1214
753
#: serverguide/C/windows-networking.xml:1155(para)
1215
msgid ""
1216
"Now that the Samba server is part of the Active Directory domain you can "
1217
"access any Windows server shares:"
754
msgid "Now that the Samba server is part of the Active Directory domain you can access any Windows server shares:"
1218
755
msgstr ""
1219
756
1220
757
#: serverguide/C/windows-networking.xml:1162(para)
1221
msgid ""
1222
"To mount a Windows file share enter the following in a terminal prompt:"
758
msgid "To mount a Windows file share enter the following in a terminal prompt:"
1223
759
msgstr ""
1224
760
1225
761
#: serverguide/C/windows-networking.xml:1166(command)
1227
763
msgstr ""
1228
764
1229
765
#: serverguide/C/windows-networking.xml:1169(para)
1230
msgid ""
1231
"It is also possible to access shares on computers not part of an AD domain, "
1232
"but a username and password will need to be provided."
766
msgid "It is also possible to access shares on computers not part of an AD domain, but a username and password will need to be provided."
1233
767
msgstr ""
1234
768
1235
769
#: serverguide/C/windows-networking.xml:1177(para)
1236
msgid ""
1237
"To mount the share during boot place an entry in "
1238
"<filename>/etc/fstab</filename>, for example:"
770
msgid "To mount the share during boot place an entry in <filename>/etc/fstab</filename>, for example:"
1239
771
msgstr ""
1240
772
1241
773
#: serverguide/C/windows-networking.xml:1181(programlisting)
1242
774
#, no-wrap
1243
msgid ""
1244
"\n"
1245
"//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw "
1246
"0 0\n"
775
msgid "\n//192.168.0.5/share /mnt/windows cifs auto,username=steve,password=secret,rw 0 0\n"
1247
776
msgstr ""
1248
777
1249
778
#: serverguide/C/windows-networking.xml:1188(para)
1250
msgid ""
1251
"Another way to copy files from a Windows server is to use the "
1252
"<application>smbclient</application> utility. To list the files in a Windows "
1253
"share:"
779
msgid "Another way to copy files from a Windows server is to use the <application>smbclient</application> utility. To list the files in a Windows share:"
1254
780
msgstr ""
1255
781
1256
782
#: serverguide/C/windows-networking.xml:1194(command)
1266
792
msgstr ""
1267
793
1268
794
#: serverguide/C/windows-networking.xml:1208(para)
1269
msgid ""
1270
"This will copy the <filename>file.txt</filename> into the current directory."
795
msgid "This will copy the <filename>file.txt</filename> into the current directory."
1271
796
msgstr ""
1272
797
1273
798
#: serverguide/C/windows-networking.xml:1215(para)
1279
804
msgstr ""
1280
805
1281
806
#: serverguide/C/windows-networking.xml:1223(para)
1282
msgid ""
1283
"This will copy the <filename>/etc/hosts</filename> to "
1284
"<filename>//fs01.example.com/share/hosts</filename>."
807
msgid "This will copy the <filename>/etc/hosts</filename> to <filename>//fs01.example.com/share/hosts</filename>."
1285
808
msgstr ""
1286
809
1287
810
#: serverguide/C/windows-networking.xml:1230(para)
1288
msgid ""
1289
"The <emphasis>-c</emphasis> option used above allows you to execute the "
1290
"<application>smbclient</application> command all at once. This is useful for "
1291
"scripting and minor file operations. To enter the <emphasis>smb: \\"
1292
"></emphasis> prompt, a FTP like prompt where you can execute normal file "
1293
"and directory commands, simply execute:"
811
msgid "The <emphasis>-c</emphasis> option used above allows you to execute the <application>smbclient</application> command all at once. This is useful for scripting and minor file operations. To enter the <emphasis>smb: \\></emphasis> prompt, a FTP like prompt where you can execute normal file and directory commands, simply execute:"
1294
812
msgstr ""
1295
813
1296
814
#: serverguide/C/windows-networking.xml:1237(command)
1298
816
msgstr ""
1299
817
1300
818
#: serverguide/C/windows-networking.xml:1244(para)
1301
msgid ""
1302
"Replace all instances of <emphasis>fs01.example.com/share</emphasis>, "
1303
"<emphasis>//192.168.0.5/share</emphasis>, "
1304
"<emphasis>username=steve,password=secret</emphasis>, and "
1305
"<emphasis>file.txt</emphasis> with your server's IP, hostname, share name, "
1306
"file name, and an actual username and password with rights to the share."
819
msgid "Replace all instances of <emphasis>fs01.example.com/share</emphasis>, <emphasis>//192.168.0.5/share</emphasis>, <emphasis>username=steve,password=secret</emphasis>, and <emphasis>file.txt</emphasis> with your server's IP, hostname, share name, file name, and an actual username and password with rights to the share."
1307
820
msgstr ""
1308
821
1309
822
#: serverguide/C/windows-networking.xml:1255(para)
1310
msgid ""
1311
"For more <application>smbclient</application> options see the man page: "
1312
"<command>man smbclient</command>, also available <ulink "
1313
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/smbclient.1.html\">o"
1314
"nline</ulink>."
823
msgid "For more <application>smbclient</application> options see the man page: <command>man smbclient</command>, also available <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/smbclient.1.html\">online</ulink>."
1315
824
msgstr ""
1316
825
1317
826
#: serverguide/C/windows-networking.xml:1260(para)
1318
msgid ""
1319
"The <application>mount.cifs</application><ulink "
1320
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/mount.cifs.8.html\">"
1321
"man page</ulink> is also useful for more detailed information."
827
msgid "The <application>mount.cifs</application><ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/mount.cifs.8.html\">man page</ulink> is also useful for more detailed information."
1322
828
msgstr ""
1323
829
1324
830
#: serverguide/C/windows-networking.xml:1270(title)
1326
832
msgstr ""
1327
833
1328
834
#: serverguide/C/windows-networking.xml:1272(para)
1329
msgid ""
1330
"<application>Likewise Open</application> simplifies the necessary "
1331
"configuration needed to authenticate a Linux machine to an Active Directory "
1332
"domain. Based on <application>winbind</application>, the "
1333
"<application>likewise-open</application> package takes the pain out of "
1334
"integrating Ubuntu authentication into an existing Windows network."
835
msgid "<application>Likewise Open</application> simplifies the necessary configuration needed to authenticate a Linux machine to an Active Directory domain. Based on <application>winbind</application>, the <application>likewise-open</application> package takes the pain out of integrating Ubuntu authentication into an existing Windows network."
1335
836
msgstr ""
1336
837
1337
838
#: serverguide/C/windows-networking.xml:1281(para)
1338
msgid ""
1339
"There are two ways to use Likewise Open, <application>likewise-"
1340
"open</application> the command line utility and <application>likewise-open-"
1341
"gui</application>. This section focuses on the command line utility."
839
msgid "There are two ways to use Likewise Open, <application>likewise-open</application> the command line utility and <application>likewise-open-gui</application>. This section focuses on the command line utility."
1342
840
msgstr ""
1343
841
1344
842
#: serverguide/C/windows-networking.xml:1286(para)
1345
msgid ""
1346
"To install the <application>likewise-open</application> package, open a "
1347
"terminal prompt and enter:"
843
msgid "To install the <application>likewise-open</application> package, open a terminal prompt and enter:"
1348
844
msgstr ""
1349
845
1350
846
#: serverguide/C/windows-networking.xml:1291(command)
1352
848
msgstr ""
1353
849
1354
850
#: serverguide/C/windows-networking.xml:1294(para)
1355
msgid ""
1356
"With Ubuntu 9.04 <application>Likewise Open 5.0</application> is available "
1357
"in the <emphasis>Universe</emphasis> repository. However, since upgrading "
1358
"from <application>Likewise Open 4.1</application> currently requires the "
1359
"system to leave the domain and re-join, a separate package for version five "
1360
"was created."
851
msgid "With Ubuntu 9.04 <application>Likewise Open 5.0</application> is available in the <emphasis>Universe</emphasis> repository. However, since upgrading from <application>Likewise Open 4.1</application> currently requires the system to leave the domain and re-join, a separate package for version five was created."
1361
852
msgstr ""
1362
853
1363
854
#: serverguide/C/windows-networking.xml:1300(para)
1369
860
msgstr ""
1370
861
1371
862
#: serverguide/C/windows-networking.xml:1309(para)
1372
msgid ""
1373
"Installing likewise-open5 over an existing likewise-open (4.1) installation "
1374
"will replace it. You will have to rejoin the domain after install."
863
msgid "Installing likewise-open5 over an existing likewise-open (4.1) installation will replace it. You will have to rejoin the domain after install."
1375
864
msgstr ""
1376
865
1377
866
#: serverguide/C/windows-networking.xml:1317(title)
1379
868
msgstr ""
1380
869
1381
870
#: serverguide/C/windows-networking.xml:1319(para)
1382
msgid ""
1383
"The main executable file of the <application>likewise-open</application> "
1384
"package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to "
1385
"join your computer to the domain. Before you join a domain you will need to "
1386
"make sure you have:"
871
msgid "The main executable file of the <application>likewise-open</application> package is <filename>/usr/bin/domainjoin-cli</filename>, which is used to join your computer to the domain. Before you join a domain you will need to make sure you have:"
1387
872
msgstr ""
1388
873
1389
874
#: serverguide/C/windows-networking.xml:1327(para)
1390
msgid ""
1391
"Access to an Active Directory user with appropriate rights to join the "
1392
"domain."
875
msgid "Access to an Active Directory user with appropriate rights to join the domain."
1393
876
msgstr ""
1394
877
1395
878
#: serverguide/C/windows-networking.xml:1332(para)
1396
msgid ""
1397
"The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain "
1398
"you want to join. If your AD domain does not match a valid domain such as "
1399
"<emphasis role=\"italic\">example.com</emphasis>, it is likely that it has "
1400
"the form of <emphasis>domainname.local</emphasis>."
879
msgid "The <emphasis>Fully Qualified Domain Name</emphasis> (FQDN) of the domain you want to join. If your AD domain does not match a valid domain such as <emphasis role=\"italic\">example.com</emphasis>, it is likely that it has the form of <emphasis>domainname.local</emphasis>."
1401
880
msgstr ""
1402
881
1403
882
#: serverguide/C/windows-networking.xml:1339(para)
1404
msgid ""
1405
"DNS for the domain setup properly. In a production AD environment this "
1406
"should be the case. Proper Microsoft DNS is needed so that client "
1407
"workstations can determine the Active Directory domain is available."
883
msgid "DNS for the domain setup properly. In a production AD environment this should be the case. Proper Microsoft DNS is needed so that client workstations can determine the Active Directory domain is available."
1408
884
msgstr ""
1409
885
1410
886
#: serverguide/C/windows-networking.xml:1343(para)
1411
msgid ""
1412
"If you don't have a Windows DNS server on your network, see <xref "
1413
"linkend=\"likewise-open-ms-dns\"/> for details."
887
msgid "If you don't have a Windows DNS server on your network, see <xref linkend=\"likewise-open-ms-dns\"/> for details."
1414
888
msgstr ""
1415
889
1416
890
#: serverguide/C/windows-networking.xml:1350(para)
1422
896
msgstr ""
1423
897
1424
898
#: serverguide/C/windows-networking.xml:1359(para)
1425
msgid ""
1426
"Replace <emphasis>example.com</emphasis> with your domain name, and "
1427
"<emphasis>Administrator</emphasis> with the appropriate user name."
899
msgid "Replace <emphasis>example.com</emphasis> with your domain name, and <emphasis>Administrator</emphasis> with the appropriate user name."
1428
900
msgstr ""
1429
901
1430
902
#: serverguide/C/windows-networking.xml:1365(para)
1431
msgid ""
1432
"You will then be prompted for the user's password. If all goes well a "
1433
"<emphasis>SUCCESS</emphasis> message should be printed to the console."
903
msgid "You will then be prompted for the user's password. If all goes well a <emphasis>SUCCESS</emphasis> message should be printed to the console."
1434
904
msgstr ""
1435
905
1436
906
#: serverguide/C/windows-networking.xml:1371(para)
1437
msgid ""
1438
"After joining the domain, it is necessary to reboot before attempting to "
1439
"authenticate against the domain."
907
msgid "After joining the domain, it is necessary to reboot before attempting to authenticate against the domain."
1440
908
msgstr ""
1441
909
1442
910
#: serverguide/C/windows-networking.xml:1377(para)
1443
msgid ""
1444
"After successfully joining an Ubuntu machine to an Active Directory domain "
1445
"you can authenticate using any valid AD user. To login you will need to "
1446
"enter the user name as 'domain\\username'. For example to ssh to a server "
1447
"joined to the domain enter:"
911
msgid "After successfully joining an Ubuntu machine to an Active Directory domain you can authenticate using any valid AD user. To login you will need to enter the user name as 'domain\\username'. For example to ssh to a server joined to the domain enter:"
1448
912
msgstr ""
1449
913
1450
914
#: serverguide/C/windows-networking.xml:1384(command)
1452
916
msgstr ""
1453
917
1454
918
#: serverguide/C/windows-networking.xml:1388(para)
1455
msgid ""
1456
"If configuring a Desktop the user name will need to be prefixed with "
1457
"<emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
919
msgid "If configuring a Desktop the user name will need to be prefixed with <emphasis role=\"italic\">domain\\</emphasis> in the graphical logon as well."
1458
920
msgstr ""
1459
921
1460
922
#: serverguide/C/windows-networking.xml:1394(para)
1461
msgid ""
1462
"To make likewise-open use a default domain, you can add the following "
1463
"statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
923
msgid "To make likewise-open use a default domain, you can add the following statement to <filename>/etc/samba/lwiauthd.conf</filename>:"
1464
924
msgstr ""
1465
925
1466
926
#: serverguide/C/windows-networking.xml:1398(programlisting)
1467
927
#, no-wrap
1468
msgid ""
1469
"\n"
1470
"winbind use default domain = yes\n"
928
msgid "\nwinbind use default domain = yes\n"
1471
929
msgstr ""
1472
930
1473
931
#: serverguide/C/windows-networking.xml:1402(para)
1479
937
msgstr ""
1480
938
1481
939
#: serverguide/C/windows-networking.xml:1411(para)
1482
msgid ""
1483
"Once configured for a <emphasis>default domain</emphasis> the <emphasis "
1484
"role=\"italic\">'domain\\'</emphasis> is no longer required, users can login "
1485
"using only their username."
940
msgid "Once configured for a <emphasis>default domain</emphasis> the <emphasis role=\"italic\">'domain\\'</emphasis> is no longer required, users can login using only their username."
1486
941
msgstr ""
1487
942
1488
943
#: serverguide/C/windows-networking.xml:1417(para)
1489
msgid ""
1490
"The <application>domainjoin-cli</application> utility can also be used to "
1491
"leave the domain. From a terminal:"
944
msgid "The <application>domainjoin-cli</application> utility can also be used to leave the domain. From a terminal:"
1492
945
msgstr ""
1493
946
1494
947
#: serverguide/C/windows-networking.xml:1422(command)
1500
953
msgstr ""
1501
954
1502
955
#: serverguide/C/windows-networking.xml:1429(para)
1503
msgid ""
1504
"The <application>likewise-open</application> package comes with a few other "
1505
"utilities that may be useful for gathering information about the Active "
1506
"Directory environment. These utilities are used to join the machine to the "
1507
"domain, and are the same as those available in the <application>samba-"
1508
"common</application> and <application>winbind</application> packages:"
956
msgid "The <application>likewise-open</application> package comes with a few other utilities that may be useful for gathering information about the Active Directory environment. These utilities are used to join the machine to the domain, and are the same as those available in the <application>samba-common</application> and <application>winbind</application> packages:"
1509
957
msgstr ""
1510
958
1511
959
#: serverguide/C/windows-networking.xml:1438(para)
1512
msgid ""
1513
"<application>lwinet</application>: Returns information about the network and "
1514
"the domain."
960
msgid "<application>lwinet</application>: Returns information about the network and the domain."
1515
961
msgstr ""
1516
962
1517
963
#: serverguide/C/windows-networking.xml:1443(para)
1518
msgid ""
1519
"<application>lwimsg</application>: Allows interaction with the "
1520
"<application>likewise-winbindd</application> daemon."
964
msgid "<application>lwimsg</application>: Allows interaction with the <application>likewise-winbindd</application> daemon."
1521
965
msgstr ""
1522
966
1523
967
#: serverguide/C/windows-networking.xml:1448(para)
1524
msgid ""
1525
"<application>lwiinfo</application>: Displays information about various parts "
1526
"of the Domain."
968
msgid "<application>lwiinfo</application>: Displays information about various parts of the Domain."
1527
969
msgstr ""
1528
970
1529
971
#: serverguide/C/windows-networking.xml:1454(para)
1535
977
msgstr ""
1536
978
1537
979
#: serverguide/C/windows-networking.xml:1464(para)
1538
msgid ""
1539
"If the client has trouble joining the domain, double check that the "
1540
"Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For "
1541
"example:"
980
msgid "If the client has trouble joining the domain, double check that the Microsoft DNS is listed first in <filename>/etc/resolv.conf</filename>. For example:"
1542
981
msgstr ""
1543
982
1544
983
#: serverguide/C/windows-networking.xml:1469(programlisting)
1545
984
#, no-wrap
1546
msgid ""
1547
"\n"
1548
"nameserver 192.168.0.1\n"
985
msgid "\nnameserver 192.168.0.1\n"
1549
986
msgstr ""
1550
987
1551
988
#: serverguide/C/windows-networking.xml:1474(para)
1552
msgid ""
1553
"For more information when joining a domain, use the <emphasis>--loglevel "
1554
"verbose</emphasis> or <emphasis>--advanced</emphasis> option of the "
1555
"<application>domainjoin-cli</application> utility:"
989
msgid "For more information when joining a domain, use the <emphasis>--loglevel verbose</emphasis> or <emphasis>--advanced</emphasis> option of the <application>domainjoin-cli</application> utility:"
1556
990
msgstr ""
1557
991
1558
992
#: serverguide/C/windows-networking.xml:1480(command)
1560
994
msgstr ""
1561
995
1562
996
#: serverguide/C/windows-networking.xml:1484(para)
1563
msgid ""
1564
"If an Active Directory user has trouble logging in, check the "
1565
"<filename>/var/log/auth.log</filename> for details."
997
msgid "If an Active Directory user has trouble logging in, check the <filename>/var/log/auth.log</filename> for details."
1566
998
msgstr ""
1567
999
1568
1000
#: serverguide/C/windows-networking.xml:1489(para)
1569
msgid ""
1570
"When joining an Ubuntu Desktop workstation to a domain, you may need to edit "
1571
"<filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis "
1572
"role=\"italic\">.local</emphasis> syntax. In order to join the domain the "
1573
"<emphasis>\"mdns4\"</emphasis> entry from the <emphasis>hosts</emphasis> "
1574
"option. For example:"
1001
msgid "When joining an Ubuntu Desktop workstation to a domain, you may need to edit <filename>/etc/nsswitch.conf</filename> if your AD domain uses the <emphasis role=\"italic\">.local</emphasis> syntax. In order to join the domain the <emphasis>\"mdns4\"</emphasis> entry should be removed from the <emphasis>hosts</emphasis> option. For example:"
1575
1002
msgstr ""
1576
1003
1577
1004
#: serverguide/C/windows-networking.xml:1495(programlisting)
1578
1005
#, no-wrap
1579
msgid ""
1580
"\n"
1581
"hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1006
msgid "\nhosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
1582
1007
msgstr ""
1583
1008
1584
1009
#: serverguide/C/windows-networking.xml:1499(para)
1587
1012
1588
1013
#: serverguide/C/windows-networking.xml:1503(programlisting)
1589
1014
#, no-wrap
1590
msgid ""
1591
"\n"
1592
"hosts: files dns [NOTFOUND=return]\n"
1015
msgid "\nhosts: files dns [NOTFOUND=return]\n"
1593
1016
msgstr ""
1594
1017
1595
1018
#: serverguide/C/windows-networking.xml:1507(para)
1596
1019
msgid "Then restart networking by entering:"
1597
1020
msgstr ""
1598
1021
1599
#: serverguide/C/windows-networking.xml:1512(command) serverguide/C/network-config.xml:237(command)
1022
#: serverguide/C/windows-networking.xml:1512(command) serverguide/C/network-config.xml:238(command)
1600
1023
msgid "sudo /etc/init.d/networking restart"
1601
1024
msgstr ""
1602
1025
1609
1032
msgstr ""
1610
1033
1611
1034
#: serverguide/C/windows-networking.xml:1525(para)
1612
msgid ""
1613
"The following are instructions for installing DNS on an Active Directory "
1614
"domain controller running Windows Server 2003, but the instructions should "
1615
"be similar for other versions:"
1616
msgstr ""
1617
1618
#: serverguide/C/windows-networking.xml:1532(para)
1619
msgid ""
1620
"Click "
1621
"<menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools"
1622
"</guimenuitem><guimenuitem>Manager Your Server</guimenuitem></menuchoice>. "
1623
"This will open the <application>Server Role Mangement</application> utility."
1624
msgstr ""
1625
1626
#: serverguide/C/windows-networking.xml:1540(para)
1627
msgid "Click Add or remove a role"
1628
msgstr ""
1629
1630
#: serverguide/C/windows-networking.xml:1541(para) serverguide/C/windows-networking.xml:1543(para) serverguide/C/windows-networking.xml:1546(para)
1035
msgid "The following are instructions for installing DNS on an Active Directory domain controller running Windows Server 2003, but the instructions should be similar for other versions:"
1036
msgstr ""
1037
1038
#: serverguide/C/windows-networking.xml:1534(para)
1039
msgid "Click <menuchoice><guimenuitem>Start</guimenuitem><guimenuitem>Administrative Tools</guimenuitem><guimenuitem>Manage Your Server</guimenuitem></menuchoice>. This will open the <application>Server Role Mangement</application> utility."
1040
msgstr ""
1041
1042
#: serverguide/C/windows-networking.xml:1542(para)
1043
msgid "Click <guilabel>Add or remove a role</guilabel>"
1044
msgstr ""
1045
1046
#: serverguide/C/windows-networking.xml:1543(para) serverguide/C/windows-networking.xml:1545(para) serverguide/C/windows-networking.xml:1548(para)
1631
1047
msgid "Click Next"
1632
1048
msgstr ""
1633
1049
1634
#: serverguide/C/windows-networking.xml:1542(para)
1050
#: serverguide/C/windows-networking.xml:1544(para)
1635
1051
msgid "Select \"DNS Server\""
1636
1052
msgstr ""
1637
1053
1638
#: serverguide/C/windows-networking.xml:1544(para)
1639
msgid "Next"
1054
#: serverguide/C/windows-networking.xml:1546(para)
1055
msgid "Click Next again to proceed"
1640
1056
msgstr ""
1641
1057
1642
#: serverguide/C/windows-networking.xml:1545(para)
1058
#: serverguide/C/windows-networking.xml:1547(para)
1643
1059
msgid "Select \"Create a forward lookup zone\" if it is not selected."
1644
1060
msgstr ""
1645
1061
1646
#: serverguide/C/windows-networking.xml:1547(para)
1647
msgid ""
1648
"Make sure \"This server maintains the zone\" is selected and click Next."
1062
#: serverguide/C/windows-networking.xml:1549(para)
1063
msgid "Make sure \"This server maintains the zone\" is selected and click Next."
1649
1064
msgstr ""
1650
1065
1651
#: serverguide/C/windows-networking.xml:1548(para)
1066
#: serverguide/C/windows-networking.xml:1550(para)
1652
1067
msgid "Enter your domain name and click Next"
1653
1068
msgstr ""
1654
1069
1655
#: serverguide/C/windows-networking.xml:1549(para) serverguide/C/windows-networking.xml:1550(para)
1070
#: serverguide/C/windows-networking.xml:1551(para)
1656
1071
msgid "Click Next to \"Allow only secure dynamic updates\""
1657
1072
msgstr ""
1658
1073
1659
#: serverguide/C/windows-networking.xml:1552(para)
1660
msgid ""
1661
"Enter the IP for DNS servers to forward queries to, or Select \"No, it "
1662
"should not forward queries\" and click Next."
1074
#: serverguide/C/windows-networking.xml:1553(para)
1075
msgid "Enter the IP for DNS servers to forward queries to, or Select \"No, it should not forward queries\" and click Next."
1663
1076
msgstr ""
1664
1077
1665
#: serverguide/C/windows-networking.xml:1556(para) serverguide/C/windows-networking.xml:1557(para)
1078
#: serverguide/C/windows-networking.xml:1557(para) serverguide/C/windows-networking.xml:1558(para)
1666
1079
msgid "Click Finish"
1667
1080
msgstr ""
1668
1081
1669
#: serverguide/C/windows-networking.xml:1559(para)
1670
msgid ""
1671
"DNS is now installed and can be further configured using the "
1672
"<application>Microsoft Management Console</application> DNS snap-in."
1082
#: serverguide/C/windows-networking.xml:1560(para)
1083
msgid "DNS is now installed and can be further configured using the <application>Microsoft Management Console</application> DNS snap-in."
1673
1084
msgstr ""
1674
1085
1675
#: serverguide/C/windows-networking.xml:1567(para)
1086
#: serverguide/C/windows-networking.xml:1568(para)
1676
1087
msgid "Click Start"
1677
1088
msgstr ""
1678
1089
1679
#: serverguide/C/windows-networking.xml:1568(para)
1090
#: serverguide/C/windows-networking.xml:1569(para)
1680
1091
msgid "Control Panel"
1681
1092
msgstr ""
1682
1093
1683
#: serverguide/C/windows-networking.xml:1569(para)
1094
#: serverguide/C/windows-networking.xml:1570(para)
1684
1095
msgid "Network Connections"
1685
1096
msgstr ""
1686
1097
1687
#: serverguide/C/windows-networking.xml:1570(para)
1098
#: serverguide/C/windows-networking.xml:1571(para)
1688
1099
msgid "Right Click \"Local Area Connection\""
1689
1100
msgstr ""
1690
1101
1691
#: serverguide/C/windows-networking.xml:1571(para)
1102
#: serverguide/C/windows-networking.xml:1572(para)
1692
1103
msgid "Click Properties"
1693
1104
msgstr ""
1694
1105
1695
#: serverguide/C/windows-networking.xml:1572(para)
1106
#: serverguide/C/windows-networking.xml:1573(para)
1696
1107
msgid "Double click \"Internet Protocol (TCP/IP)\""
1697
1108
msgstr ""
1698
1109
1699
#: serverguide/C/windows-networking.xml:1573(para)
1110
#: serverguide/C/windows-networking.xml:1574(para)
1700
1111
msgid "Enter the Server's IP Address as the \"Preferred DNS server\""
1701
1112
msgstr ""
1702
1113
1703
#: serverguide/C/windows-networking.xml:1574(para)
1114
#: serverguide/C/windows-networking.xml:1575(para)
1704
1115
msgid "Click Ok"
1705
1116
msgstr ""
1706
1117
1707
#: serverguide/C/windows-networking.xml:1575(para)
1118
#: serverguide/C/windows-networking.xml:1576(para)
1708
1119
msgid "Click Ok again to save the settings"
1709
1120
msgstr ""
1710
1121
1711
#: serverguide/C/windows-networking.xml:1564(para)
1712
msgid ""
1713
"Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1122
#: serverguide/C/windows-networking.xml:1565(para)
1123
msgid "Next, configure the Server to use itself for DNS queries: <placeholder-1/>"
1714
1124
msgstr ""
1715
1125
1716
#: serverguide/C/windows-networking.xml:1582(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:766(title) serverguide/C/web-servers.xml:910(title) serverguide/C/web-servers.xml:1002(title) serverguide/C/web-servers.xml:1218(title) serverguide/C/vpn.xml:291(title) serverguide/C/virtualization.xml:1303(title) serverguide/C/virtualization.xml:1492(title) serverguide/C/vcs.xml:536(title) serverguide/C/security.xml:935(title) serverguide/C/security.xml:1264(title) serverguide/C/security.xml:1679(title) serverguide/C/security.xml:1870(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:432(title) serverguide/C/other-apps.xml:381(title) serverguide/C/network-config.xml:672(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:522(title) serverguide/C/mail.xml:444(title) serverguide/C/mail.xml:625(title) serverguide/C/mail.xml:772(title) serverguide/C/mail.xml:1189(title) serverguide/C/mail.xml:1611(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:369(title) serverguide/C/lamp-applications.xml:471(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:431(title) serverguide/C/file-server.xml:611(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:216(title) serverguide/C/backups.xml:297(title)
1126
#: serverguide/C/windows-networking.xml:1583(title) serverguide/C/web-servers.xml:624(title) serverguide/C/web-servers.xml:766(title) serverguide/C/web-servers.xml:910(title) serverguide/C/web-servers.xml:1002(title) serverguide/C/web-servers.xml:1218(title) serverguide/C/vpn.xml:291(title) serverguide/C/virtualization.xml:1303(title) serverguide/C/virtualization.xml:1492(title) serverguide/C/vcs.xml:536(title) serverguide/C/security.xml:935(title) serverguide/C/security.xml:1264(title) serverguide/C/security.xml:1679(title) serverguide/C/security.xml:1870(title) serverguide/C/remote-administration.xml:203(title) serverguide/C/package-management.xml:432(title) serverguide/C/other-apps.xml:381(title) serverguide/C/network-config.xml:673(title) serverguide/C/monitoring.xml:391(title) serverguide/C/monitoring.xml:522(title) serverguide/C/mail.xml:444(title) serverguide/C/mail.xml:625(title) serverguide/C/mail.xml:772(title) serverguide/C/mail.xml:1189(title) serverguide/C/mail.xml:1611(title) serverguide/C/lamp-applications.xml:259(title) serverguide/C/lamp-applications.xml:369(title) serverguide/C/lamp-applications.xml:471(title) serverguide/C/file-server.xml:284(title) serverguide/C/file-server.xml:431(title) serverguide/C/file-server.xml:611(title) serverguide/C/dns.xml:572(title) serverguide/C/clustering.xml:234(title) serverguide/C/chat.xml:107(title) serverguide/C/chat.xml:216(title) serverguide/C/backups.xml:297(title)
1717
1127
msgid "References"
1718
1128
msgstr ""
1719
1129
1720
#: serverguide/C/windows-networking.xml:1584(para)
1721
msgid ""
1722
"Please refer to the <ulink "
1723
"url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for "
1724
"further information."
1130
#: serverguide/C/windows-networking.xml:1585(para)
1131
msgid "Please refer to the <ulink url=\"http://www.likewisesoftware.com/\">Likewise</ulink> home page for further information."
1725
1132
msgstr ""
1726
1133
1727
#: serverguide/C/windows-networking.xml:1588(para)
1728
msgid ""
1729
"For more <application>domainjoin-cli</application> options see the man page: "
1730
"<command>man domainjoin-cli</command>."
1134
#: serverguide/C/windows-networking.xml:1589(para)
1135
msgid "For more <application>domainjoin-cli</application> options see the man page: <command>man domainjoin-cli</command>."
1731
1136
msgstr ""
1732
1137
1733
1138
#: serverguide/C/web-servers.xml:13(title)
1735
1140
msgstr ""
1736
1141
1737
1142
#: serverguide/C/web-servers.xml:14(para)
1738
msgid ""
1739
"A Web server is a software responsible for accepting HTTP requests from "
1740
"clients, which are known as Web browsers, and serving them HTTP responses "
1741
"along with optional data contents, which usually are Web pages such as HTML "
1742
"documents and linked objects (images, etc.)."
1143
msgid "A Web server is a software responsible for accepting HTTP requests from clients, which are known as Web browsers, and serving them HTTP responses along with optional data contents, which usually are Web pages such as HTML documents and linked objects (images, etc.)."
1743
1144
msgstr ""
1744
1145
1745
1146
#: serverguide/C/web-servers.xml:19(title)
1747
1148
msgstr ""
1748
1149
1749
1150
#: serverguide/C/web-servers.xml:20(para)
1750
msgid ""
1751
"Apache is the most commonly used Web Server on Linux systems. Web Servers "
1752
"are used to serve Web Pages requested by client computers. Clients typically "
1753
"request and view Web Pages using Web Browser applications such as "
1754
"<application>Firefox</application>, <application>Opera</application>, or "
1755
"<application>Mozilla</application>."
1151
msgid "Apache is the most commonly used Web Server on Linux systems. Web Servers are used to serve Web Pages requested by client computers. Clients typically request and view Web Pages using Web Browser applications such as <application>Firefox</application>, <application>Opera</application>, or <application>Mozilla</application>."
1756
1152
msgstr ""
1757
1153
1758
1154
#: serverguide/C/web-servers.xml:24(para)
1759
msgid ""
1760
"Users enter a Uniform Resource Locator (URL) to point to a Web server by "
1761
"means of its Fully Qualified Domain Name (FQDN) and a path to the required "
1762
"resource. For example, to view the home page of the <ulink "
1763
"url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only "
1764
"the FQDN. To request specific information about <ulink "
1765
"url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will "
1766
"enter the FQDN followed by a path."
1155
msgid "Users enter a Uniform Resource Locator (URL) to point to a Web server by means of its Fully Qualified Domain Name (FQDN) and a path to the required resource. For example, to view the home page of the <ulink url=\"http://www.ubuntu.com\">Ubuntu Web site</ulink> a user will enter only the FQDN. To request specific information about <ulink url=\"http://www.ubuntu.com/support/paid\">paid support</ulink>, a user will enter the FQDN followed by a path."
1767
1156
msgstr ""
1768
1157
1769
1158
#: serverguide/C/web-servers.xml:29(para)
1770
msgid ""
1771
"The most common protocol used to transfer Web pages is the Hyper Text "
1772
"Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol "
1773
"over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a "
1774
"protocol for uploading and downloading files, are also supported."
1159
msgid "The most common protocol used to transfer Web pages is the Hyper Text Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a protocol for uploading and downloading files, are also supported."
1775
1160
msgstr ""
1776
1161
1777
1162
#: serverguide/C/web-servers.xml:33(para)
1778
msgid ""
1779
"Apache Web Servers are often used in combination with the "
1780
"<application>MySQL</application> database engine, the HyperText Preprocessor "
1781
"(<application>PHP</application>) scripting language, and other popular "
1782
"scripting languages such as <application>Python</application> and "
1783
"<application>Perl</application>. This configuration is termed LAMP (Linux, "
1784
"Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform "
1785
"for the development and deployment of Web-based applications."
1163
msgid "Apache Web Servers are often used in combination with the <application>MySQL</application> database engine, the HyperText Preprocessor (<application>PHP</application>) scripting language, and other popular scripting languages such as <application>Python</application> and <application>Perl</application>. This configuration is termed LAMP (Linux, Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform for the development and deployment of Web-based applications."
1786
1164
msgstr ""
1787
1165
1788
1166
#: serverguide/C/web-servers.xml:42(para)
1789
msgid ""
1790
"The Apache2 web server is available in Ubuntu Linux. To install Apache2:"
1167
msgid "The <application>Apache2</application> web server is available in Ubuntu Linux. To install Apache2:"
1791
1168
msgstr ""
1792
1169
1793
1170
#: serverguide/C/web-servers.xml:48(para)
1799
1176
msgstr ""
1800
1177
1801
1178
#: serverguide/C/web-servers.xml:63(para)
1802
msgid ""
1803
"Apache2 is configured by placing <emphasis>directives</emphasis> in plain "
1804
"text configuration files. The configuration files are separated between the "
1805
"following files and directories:"
1179
msgid "Apache2 is configured by placing <emphasis>directives</emphasis> in plain text configuration files. These <emphasis>directives</emphasis> are separated between the following files and directories:"
1806
1180
msgstr ""
1807
1181
1808
1182
#: serverguide/C/web-servers.xml:71(para)
1809
msgid ""
1810
"<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. "
1811
"Contains settings that are <emphasis>global</emphasis> to Apache2."
1183
msgid "<emphasis>apache2.conf:</emphasis> the main Apache2 configuration file. Contains settings that are <emphasis>global</emphasis> to Apache2."
1812
1184
msgstr ""
1813
1185
1814
1186
#: serverguide/C/web-servers.xml:77(para)
1815
msgid ""
1816
"<emphasis>conf.d:</emphasis> contains configuration files which apply "
1817
"<emphasis>globally</emphasis> to Apache. Other packages that use Apache2 to "
1818
"serve content may add files, or symlinks, to this directory."
1187
msgid "<emphasis>conf.d:</emphasis> contains configuration files which apply <emphasis>globally</emphasis> to Apache2. Other packages that use Apache2 to serve content may add files, or symlinks, to this directory."
1819
1188
msgstr ""
1820
1189
1821
1190
#: serverguide/C/web-servers.xml:83(para)
1822
msgid ""
1823
"<emphasis>envvars:</emphasis> file where Apache2 "
1824
"<emphasis>environment</emphasis> variables are set."
1191
msgid "<emphasis>envvars:</emphasis> file where Apache2 <emphasis>environment</emphasis> variables are set."
1825
1192
msgstr ""
1826
1193
1827
1194
#: serverguide/C/web-servers.xml:88(para)
1828
msgid ""
1829
"<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration "
1830
"file, named after the <application>httpd</application> daemon. The file can "
1831
"be used for <emphasis>user specific</emphasis> configuration options that "
1832
"globally effect Apache2."
1195
msgid "<emphasis>httpd.conf:</emphasis> historically the main Apache2 configuration file, named after the <application>httpd</application> daemon. The file can be used for <emphasis>user specific</emphasis> configuration options that globally effect Apache2."
1833
1196
msgstr ""
1834
1197
1835
1198
#: serverguide/C/web-servers.xml:95(para)
1836
msgid ""
1837
"<emphasis>mods-available:</emphasis> this directory contains configuration "
1838
"files to both load <emphasis>modules</emphasis> and configure them. Not all "
1839
"modules will have specific configuration files, however."
1199
msgid "<emphasis>mods-available:</emphasis> this directory contains configuration files to both load <emphasis>modules</emphasis> and configure them. Not all modules will have specific configuration files, however."
1840
1200
msgstr ""
1841
1201
1842
1202
#: serverguide/C/web-servers.xml:101(para)
1843
msgid ""
1844
"<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to "
1845
"the files in <filename>/etc/apache2/mods-available</filename>. When a module "
1846
"configuration file is symlinked it will be enabled the next time "
1847
"<application>apache2</application> is restarted."
1203
msgid "<emphasis>mods-enabled:</emphasis> holds <emphasis>symlinks</emphasis> to the files in <filename>/etc/apache2/mods-available</filename>. When a module configuration file is symlinked it will be enabled the next time <application>apache2</application> is restarted."
1848
1204
msgstr ""
1849
1205
1850
1206
#: serverguide/C/web-servers.xml:108(para)
1851
msgid ""
1852
"<emphasis>ports.conf:</emphasis> houses the directives that determine which "
1853
"TCP ports Apache2 is listening on."
1207
msgid "<emphasis>ports.conf:</emphasis> houses the directives that determine which TCP ports Apache2 is listening on."
1854
1208
msgstr ""
1855
1209
1856
1210
#: serverguide/C/web-servers.xml:113(para)
1857
msgid ""
1858
"<emphasis>sites-available:</emphasis> this directory has configuration files "
1859
"for Apache <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 "
1860
"to be configured for multiple sites that have separate configurations."
1211
msgid "<emphasis>sites-available:</emphasis> this directory has configuration files for Apache2 <emphasis>Virtual Hosts</emphasis>. Virtual Hosts allow Apache2 to be configured for multiple sites that have separate configurations."
1861
1212
msgstr ""
1862
1213
1863
1214
#: serverguide/C/web-servers.xml:119(para)
1864
msgid ""
1865
"<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename "
1866
"role=\"directory\">sites-enabled</filename> contains symlinks to the "
1867
"<filename>/etc/apache2/sites-available</filename> directory. Similarly when "
1868
"a configuration file in sites-available is symlinked it will be active once "
1869
"Apache is restarted."
1215
msgid "<emphasis>sites-enabled:</emphasis> like mods-enabled, <filename role=\"directory\">sites-enabled</filename> contains symlinks to the <filename>/etc/apache2/sites-available</filename> directory. Similarly when a configuration file in sites-available is symlinked, the site configured by it will be active once Apache2 is restarted."
1870
1216
msgstr ""
1871
1217
1872
1218
#: serverguide/C/web-servers.xml:127(para)
1873
msgid ""
1874
"In addition, other configuration files may be added using the "
1875
"<emphasis>Include</emphasis> directive, and wildcards can be used to include "
1876
"many configuration files. Any directive may be placed in any of these "
1877
"configuration files. Changes to the main configuration files are only "
1878
"recognized by Apache2 when it is started or restarted."
1219
msgid "In addition, other configuration files may be added using the <emphasis>Include</emphasis> directive, and wildcards can be used to include many configuration files. Any directive may be placed in any of these configuration files. Changes to the main configuration files are only recognized by Apache2 when it is started or restarted."
1879
1220
msgstr ""
1880
1221
1881
1222
#: serverguide/C/web-servers.xml:136(para)
1882
msgid ""
1883
"The server also reads a file containing mime document types; the filename is "
1884
"set by the <emphasis>TypesConfig</emphasis> directive, and is "
1885
"<filename>/etc/mime.types</filename> by default."
1223
msgid "The server also reads a file containing mime document types; the filename is set by the <emphasis>TypesConfig</emphasis> directive, and is <filename>/etc/mime.types</filename> by default."
1886
1224
msgstr ""
1887
1225
1888
1226
#: serverguide/C/web-servers.xml:141(title)
1890
1228
msgstr ""
1891
1229
1892
1230
#: serverguide/C/web-servers.xml:142(para)
1893
msgid ""
1894
"This section explains Apache2 server essential configuration parameters. "
1895
"Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
1896
"Documentation</ulink> for more details."
1231
msgid "This section explains Apache2 server essential configuration parameters. Refer to the <ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 Documentation</ulink> for more details."
1897
1232
msgstr ""
1898
1233
1899
1234
#: serverguide/C/web-servers.xml:150(para)
1900
msgid ""
1901
"Apache2 ships with a virtual-host-friendly default configuration. That is, "
1902
"it is configured with a single default virtual host (using the "
1903
"<emphasis>VirtualHost</emphasis> directive) which can modified or used as-is "
1904
"if you have a single site, or used as a template for additional virtual "
1905
"hosts if you have multiple sites. If left alone, the default virtual host "
1906
"will serve as your default site, or the site users will see if the URL they "
1907
"enter does not match the <emphasis>ServerName</emphasis> directive of any of "
1908
"your custom sites. To modify the default virtual host, edit the file "
1909
"<filename>/etc/apache2/sites-available/default</filename>."
1235
msgid "Apache2 ships with a virtual-host-friendly default configuration. That is, it is configured with a single default virtual host (using the <emphasis>VirtualHost</emphasis> directive) which can modified or used as-is if you have a single site, or used as a template for additional virtual hosts if you have multiple sites. If left alone, the default virtual host will serve as your default site, or the site users will see if the URL they enter does not match the <emphasis>ServerName</emphasis> directive of any of your custom sites. To modify the default virtual host, edit the file <filename>/etc/apache2/sites-available/default</filename>."
1910
1236
msgstr ""
1911
1237
1912
1238
#: serverguide/C/web-servers.xml:163(para)
1913
msgid ""
1914
"The directives set for a virtual host only apply to that particular virtual "
1915
"host. If a directive is set server-wide and not defined within the virtual "
1916
"host settings, the default setting is used. For example, you can define a "
1917
"Webmaster email address and not define individual email addresses for each "
1918
"virtual host."
1239
msgid "The directives set for a virtual host only apply to that particular virtual host. If a directive is set server-wide and not defined within the virtual host settings, the default setting is used. For example, you can define a Webmaster email address and not define individual email addresses for each virtual host."
1919
1240
msgstr ""
1920
1241
1921
1242
#: serverguide/C/web-servers.xml:171(para)
1922
msgid ""
1923
"If you wish to configure a new virtual host or site, copy that file into the "
1924
"same directory with a name you choose. For example:"
1243
msgid "If you wish to configure a new virtual host or site, copy that file into the same directory with a name you choose. For example:"
1925
1244
msgstr ""
1926
1245
1927
1246
#: serverguide/C/web-servers.xml:177(command)
1928
msgid ""
1929
"sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-"
1930
"available/mynewsite"
1247
msgid "sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/mynewsite"
1931
1248
msgstr ""
1932
1249
1933
1250
#: serverguide/C/web-servers.xml:180(para)
1934
msgid ""
1935
"Edit the new file to configure the new site using some of the directives "
1936
"described below."
1251
msgid "Edit the new file to configure the new site using some of the directives described below."
1937
1252
msgstr ""
1938
1253
1939
1254
#: serverguide/C/web-servers.xml:187(para)
1940
msgid ""
1941
"The <emphasis>ServerAdmin</emphasis> directive specifies the email address "
1942
"to be advertised for the server's administrator. The default value is "
1943
"webmaster@localhost. This should be changed to an email address that is "
1944
"delivered to you (if you are the server's administrator). If your website "
1945
"has a problem, Apache2 will display an error message containing this email "
1946
"address to report the problem to. Find this directive in your site's "
1947
"configuration file in /etc/apache2/sites-available."
1255
msgid "The <emphasis>ServerAdmin</emphasis> directive specifies the email address to be advertised for the server's administrator. The default value is webmaster@localhost. This should be changed to an email address that is delivered to you (if you are the server's administrator). If your website has a problem, Apache2 will display an error message containing this email address to report the problem to. Find this directive in your site's configuration file in /etc/apache2/sites-available."
1948
1256
msgstr ""
1949
1257
1950
1258
#: serverguide/C/web-servers.xml:198(para)
1951
msgid ""
1952
"The <emphasis>Listen</emphasis> directive specifies the port, and optionally "
1953
"the IP address, Apache2 should listen on. If the IP address is not "
1954
"specified, Apache2 will listen on all IP addresses assigned to the machine "
1955
"it runs on. The default value for the Listen directive is 80. Change this to "
1956
"127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so "
1957
"that it will not be available to the Internet, to (for example) 81 to change "
1958
"the port that it listens on, or leave it as is for normal operation. This "
1959
"directive can be found and changed in its own file, "
1960
"<filename>/etc/apache2/ports.conf</filename>"
1259
msgid "The <emphasis>Listen</emphasis> directive specifies the port, and optionally the IP address, Apache2 should listen on. If the IP address is not specified, Apache2 will listen on all IP addresses assigned to the machine it runs on. The default value for the Listen directive is 80. Change this to 127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so that it will not be available to the Internet, to (for example) 81 to change the port that it listens on, or leave it as is for normal operation. This directive can be found and changed in its own file, <filename>/etc/apache2/ports.conf</filename>"
1961
1260
msgstr ""
1962
1261
1963
1262
#: serverguide/C/web-servers.xml:211(para)
1964
msgid ""
1965
"The <emphasis>ServerName</emphasis> directive is optional and specifies what "
1966
"FQDN your site should answer to. The default virtual host has no ServerName "
1967
"directive specified, so it will respond to all requests that do not match a "
1968
"ServerName directive in another virtual host. If you have just acquired the "
1969
"domain name ubunturocks.com and wish to host it on your Ubuntu server, the "
1970
"value of the ServerName directive in your virtual host configuration file "
1971
"should be ubunturocks.com. Add this directive to the new virtual host file "
1972
"you created earlier (<filename>/etc/apache2/sites-"
1973
"available/mynewsite</filename>)."
1263
msgid "The <emphasis>ServerName</emphasis> directive is optional and specifies what FQDN your site should answer to. The default virtual host has no ServerName directive specified, so it will respond to all requests that do not match a ServerName directive in another virtual host. If you have just acquired the domain name ubunturocks.com and wish to host it on your Ubuntu server, the value of the ServerName directive in your virtual host configuration file should be ubunturocks.com. Add this directive to the new virtual host file you created earlier (<filename>/etc/apache2/sites-available/mynewsite</filename>)."
1974
1264
msgstr ""
1975
1265
1976
1266
#: serverguide/C/web-servers.xml:223(para)
1977
msgid ""
1978
"You may also want your site to respond to www.ubunturocks.com, since many "
1979
"users will assume the www prefix is appropriate. Use the "
1980
"<emphasis>ServerAlias</emphasis> directive for this. You may also use "
1981
"wildcards in the ServerAlias directive."
1267
msgid "You may also want your site to respond to www.ubunturocks.com, since many users will assume the www prefix is appropriate. Use the <emphasis>ServerAlias</emphasis> directive for this. You may also use wildcards in the ServerAlias directive."
1982
1268
msgstr ""
1983
1269
1984
1270
#: serverguide/C/web-servers.xml:230(para)
1985
msgid ""
1986
"For example, the following configuration will cause your site to respond to "
1987
"any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
1271
msgid "For example, the following configuration will cause your site to respond to any domain request ending in <emphasis>.ubunturocks.com</emphasis>."
1988
1272
msgstr ""
1989
1273
1990
1274
#: serverguide/C/web-servers.xml:236(programlisting)
1991
1275
#, no-wrap
1992
msgid ""
1993
"\n"
1994
"ServerAlias *.ubunturocks.com\n"
1276
msgid "\nServerAlias *.ubunturocks.com\n"
1995
1277
msgstr ""
1996
1278
1997
1279
#: serverguide/C/web-servers.xml:242(para)
1998
msgid ""
1999
"The <emphasis>DocumentRoot</emphasis> directive specifies where Apache "
2000
"should look for the files that make up the site. The default value is "
2001
"/var/www. No site is configured there, but if you uncomment the "
2002
"<emphasis>RedirectMatch</emphasis> directive in "
2003
"<filename>/etc/apache2/apache2.conf</filename> requests will be redirected "
2004
"to /var/www/apache2-default where the default Apache2 site awaits. Change "
2005
"this value in your site's virtual host file, and remember to create that "
2006
"directory if necessary!"
1280
msgid "The <emphasis>DocumentRoot</emphasis> directive specifies where Apache2 should look for the files that make up the site. The default value is /var/www. No site is configured there, but if you uncomment the <emphasis>RedirectMatch</emphasis> directive in <filename>/etc/apache2/apache2.conf</filename> requests will be redirected to /var/www/apache2-default where the default Apache2 site awaits. Change this value in your site's virtual host file, and remember to create that directory if necessary!"
2007
1281
msgstr ""
2008
1282
2009
1283
#: serverguide/C/web-servers.xml:254(para)
2010
msgid ""
2011
"The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> "
2012
"not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-"
2013
"enabled point to \"available\" sites."
1284
msgid "The /etc/apache2/sites-available directory is <emphasis role=\"bold\"> not</emphasis> parsed by Apache2. Symbolic links in /etc/apache2/sites-enabled point to \"available\" sites."
2014
1285
msgstr ""
2015
1286
2016
1287
#: serverguide/C/web-servers.xml:260(para)
2017
msgid ""
2018
"Enable the new <emphasis>VirtualHost</emphasis> using the "
2019
"<application>a2ensite</application> utility and restart Apache:"
1288
msgid "Enable the new <emphasis>VirtualHost</emphasis> using the <application>a2ensite</application> utility and restart Apache2:"
2020
1289
msgstr ""
2021
1290
2022
1291
#: serverguide/C/web-servers.xml:266(command)
2028
1297
msgstr ""
2029
1298
2030
1299
#: serverguide/C/web-servers.xml:271(para)
2031
msgid ""
2032
"Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive "
2033
"name for the VirtualHost. One method is to name the file after the "
2034
"<emphasis>ServerName</emphasis> directive of the VirtualHost."
1300
msgid "Be sure to replace <emphasis>mynewsite</emphasis> with a more descriptive name for the VirtualHost. One method is to name the file after the <emphasis>ServerName</emphasis> directive of the VirtualHost."
2035
1301
msgstr ""
2036
1302
2037
1303
#: serverguide/C/web-servers.xml:278(para)
2038
msgid ""
2039
"Similarly, use the <application>a2dissite</application> utility to disable "
2040
"sites. This is can be useful when troubleshooting configuration problems "
2041
"with multiple VirtualHosts:"
1304
msgid "Similarly, use the <application>a2dissite</application> utility to disable sites. This is can be useful when troubleshooting configuration problems with multiple VirtualHosts:"
2042
1305
msgstr ""
2043
1306
2044
1307
#: serverguide/C/web-servers.xml:284(command)
2050
1313
msgstr ""
2051
1314
2052
1315
#: serverguide/C/web-servers.xml:292(para)
2053
msgid ""
2054
"This section explains configuration of the Apache2 server default settings. "
2055
"For example, if you add a virtual host, the settings you configure for the "
2056
"virtual host take precedence for that virtual host. For a directive not "
2057
"defined within the virtual host settings, the default value is used."
1316
msgid "This section explains configuration of the Apache2 server default settings. For example, if you add a virtual host, the settings you configure for the virtual host take precedence for that virtual host. For a directive not defined within the virtual host settings, the default value is used."
2058
1317
msgstr ""
2059
1318
2060
1319
#: serverguide/C/web-servers.xml:304(para)
2061
msgid ""
2062
"The <emphasis>DirectoryIndex</emphasis> is the default page served by the "
2063
"server when a user requests an index of a directory by specifying a forward "
2064
"slash (/) at the end of the directory name."
1320
msgid "The <emphasis>DirectoryIndex</emphasis> is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name."
2065
1321
msgstr ""
2066
1322
2067
1323
#: serverguide/C/web-servers.xml:311(para)
2068
msgid ""
2069
"For example, when a user requests the page "
2070
"http://www.example.com/this_directory/, he or she will get either the "
2071
"DirectoryIndex page if it exists, a server-generated directory list if it "
2072
"does not and the Indexes option is specified, or a Permission Denied page if "
2073
"neither is true. The server will try to find one of the files listed in the "
2074
"DirectoryIndex directive and will return the first one it finds. If it does "
2075
"not find any of these files and if Options Indexes is set for that "
2076
"directory, the server will generate and return a list, in HTML format, of "
2077
"the subdirectories and files in the directory. The default value, found in "
2078
"<filename>/etc/apache2/apache2.conf</filename> is \" index.html index.cgi "
2079
"index.pl index.php index.xhtml\". Thus, if Apache2 finds a file in a "
2080
"requested directory matching any of these names, the first will be displayed."
1324
msgid "For example, when a user requests the page http://www.example.com/this_directory/, he or she will get either the DirectoryIndex page if it exists, a server-generated directory list if it does not and the Indexes option is specified, or a Permission Denied page if neither is true. The server will try to find one of the files listed in the DirectoryIndex directive and will return the first one it finds. If it does not find any of these files and if <emphasis>Options Indexes</emphasis> is set for that directory, the server will generate and return a list, in HTML format, of the subdirectories and files in the directory. The default value, found in <filename>/etc/apache2/mods-available/dir.conf</filename> is \"index.html index.cgi index.pl index.php index.xhtml index.htm\". Thus, if Apache2 finds a file in a requested directory matching any of these names, the first will be displayed."
2081
1325
msgstr ""
2082
1326
2083
1327
#: serverguide/C/web-servers.xml:332(para)
2084
msgid ""
2085
"The <emphasis>ErrorDocument</emphasis> directive allows you to specify a "
2086
"file for Apache to use for specific error events. For example, if a user "
2087
"requests a resource that does not exist, a 404 error will occur, and per "
2088
"Apache2's default configuration, the file "
2089
"<filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will "
2090
"be displayed. That file is not in the server's DocumentRoot, but there is an "
2091
"Alias directive in <filename>/etc/apache2/apache2.conf</filename> that "
2092
"redirects requests to the /error directory to "
2093
"<filename>/usr/share/apache2/error/</filename>."
1328
msgid "The <emphasis>ErrorDocument</emphasis> directive allows you to specify a file for Apache2 to use for specific error events. For example, if a user requests a resource that does not exist, a 404 error will occur, and per Apache2's default configuration, the file <filename>/usr/share/apache2/error/HTTP_NOT_FOUND.html.var </filename> will be displayed. That file is not in the server's DocumentRoot, but there is an Alias directive in <filename>/etc/apache2/apache2.conf</filename> that redirects requests to the /error directory to <filename>/usr/share/apache2/error/</filename>."
2094
1329
msgstr ""
2095
1330
2096
1331
#: serverguide/C/web-servers.xml:344(para)
2097
msgid ""
2098
"To see a list of the default ErrorDocument directives, use this command:"
1332
msgid "To see a list of the default ErrorDocument directives, use this command:"
2099
1333
msgstr ""
2100
1334
2101
1335
#: serverguide/C/web-servers.xml:350(command)
2103
1337
msgstr ""
2104
1338
2105
1339
#: serverguide/C/web-servers.xml:355(para)
2106
msgid ""
2107
"By default, the server writes the transfer log to the file "
2108
"<filename>/var/log/apache2/access.log</filename>. You can change this on a "
2109
"per-site basis in your virtual host configuration files with the "
2110
"<emphasis>CustomLog</emphasis> directive, or omit it to accept the default, "
2111
"specified in <filename> /etc/apache2/apache2.conf</filename>. You may also "
2112
"specify the file to which errors are logged, via the "
2113
"<emphasis>ErrorLog</emphasis> directive, whose default is "
2114
"<filename>/var/log/apache2/error.log</filename>. These are kept separate "
2115
"from the transfer logs to aid in troubleshooting problems with your Apache2 "
2116
"server. You may also specify the <emphasis>LogLevel</emphasis> (the default "
2117
"value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> "
2118
"/etc/apache2/apache2.conf</filename> for the default value)."
1340
msgid "By default, the server writes the transfer log to the file <filename>/var/log/apache2/access.log</filename>. You can change this on a per-site basis in your virtual host configuration files with the <emphasis>CustomLog</emphasis> directive, or omit it to accept the default, specified in <filename> /etc/apache2/apache2.conf</filename>. You may also specify the file to which errors are logged, via the <emphasis>ErrorLog</emphasis> directive, whose default is <filename>/var/log/apache2/error.log</filename>. These are kept separate from the transfer logs to aid in troubleshooting problems with your Apache2 server. You may also specify the <emphasis>LogLevel</emphasis> (the default value is \"warn\") and the <emphasis>LogFormat</emphasis> (see <filename> /etc/apache2/apache2.conf</filename> for the default value)."
2119
1341
msgstr ""
2120
1342
2121
1343
#: serverguide/C/web-servers.xml:370(para)
2122
msgid ""
2123
"Some options are specified on a per-directory basis rather than per-server. "
2124
"<emphasis>Options</emphasis> is one of these directives. A Directory stanza "
2125
"is enclosed in XML-like tags, like so:"
1344
msgid "Some options are specified on a per-directory basis rather than per-server. <emphasis>Options</emphasis> is one of these directives. A Directory stanza is enclosed in XML-like tags, like so:"
2126
1345
msgstr ""
2127
1346
2128
1347
#: serverguide/C/web-servers.xml:376(programlisting)
2129
1348
#, no-wrap
2130
msgid ""
2131
"\n"
2132
"<Directory /var/www/mynewsite>\n"
2133
"...\n"
2134
"</Directory>\n"
1349
msgid "\n<Directory /var/www/mynewsite>\n...\n</Directory>\n"
2135
1350
msgstr ""
2136
1351
2137
1352
#: serverguide/C/web-servers.xml:382(para)
2138
msgid ""
2139
"The <emphasis>Options</emphasis> directive within a Directory stanza accepts "
2140
"one or more of the following values (among others), separated by spaces:"
1353
msgid "The <emphasis>Options</emphasis> directive within a Directory stanza accepts one or more of the following values (among others), separated by spaces:"
2141
1354
msgstr ""
2142
1355
2143
1356
#: serverguide/C/web-servers.xml:394(para)
2144
msgid ""
2145
"Most files should not be executed as CGI scripts. This would be very "
2146
"dangerous. CGI scripts should kept in a directory separate from and outside "
2147
"your DocumentRoot, and only this directory should have the ExecCGI option "
2148
"set. This is the default, and the default location for CGI scripts is "
2149
"<filename>/usr/lib/cgi-bin</filename>."
1357
msgid "Most files should not be executed as CGI scripts. This would be very dangerous. CGI scripts should kept in a directory separate from and outside your DocumentRoot, and only this directory should have the ExecCGI option set. This is the default, and the default location for CGI scripts is <filename>/usr/lib/cgi-bin</filename>."
2150
1358
msgstr ""
2151
1359
2152
1360
#: serverguide/C/web-servers.xml:389(para)
2153
msgid ""
2154
"<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. "
2155
"CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
1361
msgid "<emphasis role=\"bold\">ExecCGI</emphasis> - Allow execution of CGI scripts. CGI scripts are not executed if this option is not chosen. <placeholder-1/>"
2156
1362
msgstr ""
2157
1363
2158
1364
#: serverguide/C/web-servers.xml:405(para)
2159
msgid ""
2160
"<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. "
2161
"Server-side includes allow an HTML file to <emphasis> include</emphasis> "
2162
"other files. This is not a common option. See <ulink "
2163
"url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI "
2164
"HOWTO</ulink> for more information."
1365
msgid "<emphasis role=\"bold\">Includes</emphasis> - Allow server-side includes. Server-side includes allow an HTML file to <emphasis> include</emphasis> other files. This is not a common option. See <ulink url=\"http://httpd.apache.org/docs/2.2/howto/ssi.html\">the Apache2 SSI HOWTO</ulink> for more information."
2165
1366
msgstr ""
2166
1367
2167
1368
#: serverguide/C/web-servers.xml:414(para)
2168
msgid ""
2169
"<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side "
2170
"includes, but disable the <emphasis>#exec</emphasis> and "
2171
"<emphasis>#include</emphasis> commands in CGI scripts."
1369
msgid "<emphasis role=\"bold\">IncludesNOEXEC</emphasis> - Allow server-side includes, but disable the <emphasis>#exec</emphasis> and <emphasis>#include</emphasis> commands in CGI scripts."
2172
1370
msgstr ""
2173
1371
2174
1372
#: serverguide/C/web-servers.xml:426(para)
2175
msgid ""
2176
"For security reasons, this should usually not be set, and certainly should "
2177
"not be set on your DocumentRoot directory. Enable this option carefully on a "
2178
"per-directory basis only if you are certain you want users to see the entire "
2179
"contents of the directory."
1373
msgid "For security reasons, this should usually not be set, and certainly should not be set on your DocumentRoot directory. Enable this option carefully on a per-directory basis only if you are certain you want users to see the entire contents of the directory."
2180
1374
msgstr ""
2181
1375
2182
1376
#: serverguide/C/web-servers.xml:421(para)
2183
msgid ""
2184
"<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the "
2185
"directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as "
2186
"index.html) exists in the requested directory. <placeholder-1/>"
1377
msgid "<emphasis role=\"bold\">Indexes</emphasis> - Display a formatted list of the directory's contents, if no <emphasis>DirectoryIndex</emphasis> (such as index.html) exists in the requested directory. <placeholder-1/>"
2187
1378
msgstr ""
2188
1379
2189
1380
#: serverguide/C/web-servers.xml:436(para)
2190
msgid ""
2191
"<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated "
2192
"multiviews; this option is disabled by default for security reasons. See the "
2193
"<ulink "
2194
"url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">"
2195
"Apache2 documentation on this option</ulink>."
1381
msgid "<emphasis role=\"bold\">Multiview</emphasis> - Support content-negotiated multiviews; this option is disabled by default for security reasons. See the <ulink url=\"http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html#multiviews\">Apache2 documentation on this option</ulink>."
2196
1382
msgstr ""
2197
1383
2198
1384
#: serverguide/C/web-servers.xml:444(para)
2199
msgid ""
2200
"<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow "
2201
"symbolic links if the target file or directory has the same owner as the "
2202
"link."
1385
msgid "<emphasis role=\"bold\">SymLinksIfOwnerMatch</emphasis> - Only follow symbolic links if the target file or directory has the same owner as the link."
2203
1386
msgstr ""
2204
1387
2205
1388
#: serverguide/C/web-servers.xml:456(title)
2207
1390
msgstr ""
2208
1391
2209
1392
#: serverguide/C/web-servers.xml:458(para)
2210
msgid ""
2211
"This section explains some basic <application>httpd</application> daemon "
2212
"configuration settings."
1393
msgid "This section explains some basic <application>httpd</application> daemon configuration settings."
2213
1394
msgstr ""
2214
1395
2215
1396
#: serverguide/C/web-servers.xml:462(para)
2216
msgid ""
2217
"<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets "
2218
"the path to the lockfile used when the server is compiled with either "
2219
"USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be "
2220
"stored on the local disk. It should be left to the default value unless the "
2221
"logs directory is located on an NFS share. If this is the case, the default "
2222
"value should be changed to a location on the local disk and to a directory "
2223
"that is readable only by root."
1397
msgid "<emphasis role=\"bold\">LockFile</emphasis> - The LockFile directive sets the path to the lockfile used when the server is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be stored on the local disk. It should be left to the default value unless the logs directory is located on an NFS share. If this is the case, the default value should be changed to a location on the local disk and to a directory that is readable only by root."
2224
1398
msgstr ""
2225
1399
2226
1400
#: serverguide/C/web-servers.xml:471(para)
2227
msgid ""
2228
"<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the "
2229
"file in which the server records its process ID (pid). This file should only "
2230
"be readable by root. In most cases, it should be left to the default value."
1401
msgid "<emphasis role=\"bold\">PidFile</emphasis> - The PidFile directive sets the file in which the server records its process ID (pid). This file should only be readable by root. In most cases, it should be left to the default value."
2231
1402
msgstr ""
2232
1403
2233
1404
#: serverguide/C/web-servers.xml:477(para)
2234
msgid ""
2235
"<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid "
2236
"used by the server to answer requests. This setting determines the server's "
2237
"access. Any files inaccessible to this user will also be inaccessible to "
2238
"your website's visitors. The default value for User is www-data."
1405
msgid "<emphasis role=\"bold\">User</emphasis> - The User directive sets the userid used by the server to answer requests. This setting determines the server's access. Any files inaccessible to this user will also be inaccessible to your website's visitors. The default value for User is www-data."
2239
1406
msgstr ""
2240
1407
2241
1408
#: serverguide/C/web-servers.xml:484(para)
2242
msgid ""
2243
"Unless you know exactly what you are doing, do not set the User directive to "
2244
"root. Using root as the User will create large security holes for your Web "
2245
"server."
1409
msgid "Unless you know exactly what you are doing, do not set the User directive to root. Using root as the User will create large security holes for your Web server."
2246
1410
msgstr ""
2247
1411
2248
1412
#: serverguide/C/web-servers.xml:490(para)
2249
msgid ""
2250
"The Group directive is similar to the User directive. Group sets the group "
2251
"under which the server will answer requests. The default group is also www-"
2252
"data."
1413
msgid "The Group directive is similar to the User directive. Group sets the group under which the server will answer requests. The default group is also www-data."
2253
1414
msgstr ""
2254
1415
2255
1416
#: serverguide/C/web-servers.xml:496(title)
2256
msgid "Apache Modules"
1417
msgid "Apache2 Modules"
2257
1418
msgstr ""
2258
1419
2259
1420
#: serverguide/C/web-servers.xml:498(para)
2260
msgid ""
2261
"Apache is a modular server. This implies that only the most basic "
2262
"functionality is included in the core server. Extended features are "
2263
"available through modules which can be loaded into Apache. By default, a "
2264
"base set of modules is included in the server at compile-time. If the server "
2265
"is compiled to use dynamically loaded modules, then modules can be compiled "
2266
"separately, and added at any time using the LoadModule directive. Otherwise, "
2267
"Apache must be recompiled to add or remove modules."
1421
msgid "Apache2 is a modular server. This implies that only the most basic functionality is included in the core server. Extended features are available through modules which can be loaded into Apache2. By default, a base set of modules is included in the server at compile-time. If the server is compiled to use dynamically loaded modules, then modules can be compiled separately, and added at any time using the LoadModule directive. Otherwise, Apache2 must be recompiled to add or remove modules."
2268
1422
msgstr ""
2269
1423
2270
1424
#: serverguide/C/web-servers.xml:510(para)
2271
msgid ""
2272
"Ubuntu compiles Apache2 to allow the dynamic loading of modules. "
2273
"Configuration directives may be conditionally included on the presence of a "
2274
"particular module by enclosing them in an "
2275
"<emphasis><IfModule></emphasis> block."
1425
msgid "Ubuntu compiles Apache2 to allow the dynamic loading of modules. Configuration directives may be conditionally included on the presence of a particular module by enclosing them in an <emphasis><IfModule></emphasis> block."
2276
1426
msgstr ""
2277
1427
2278
1428
#: serverguide/C/web-servers.xml:517(para)
2279
msgid ""
2280
"You can install additional Apache2 modules and use them with your Web "
2281
"server. For example, run the following command from a terminal prompt to "
2282
"install the <emphasis>MySQL Authentication</emphasis> module:"
1429
msgid "You can install additional Apache2 modules and use them with your Web server. For example, run the following command from a terminal prompt to install the <emphasis>MySQL Authentication</emphasis> module:"
2283
1430
msgstr ""
2284
1431
2285
1432
#: serverguide/C/web-servers.xml:524(command)
2287
1434
msgstr ""
2288
1435
2289
1436
#: serverguide/C/web-servers.xml:527(para)
2290
msgid ""
2291
"See the <filename>/etc/apache2/mods-available</filename> directory, for "
2292
"additional modules."
1437
msgid "See the <filename>/etc/apache2/mods-available</filename> directory, for additional modules."
2293
1438
msgstr ""
2294
1439
2295
1440
#: serverguide/C/web-servers.xml:531(para)
2296
msgid ""
2297
"Use the <application>a2enmod</application> utility to enable a module:"
1441
msgid "Use the <application>a2enmod</application> utility to enable a module:"
2298
1442
msgstr ""
2299
1443
2300
1444
#: serverguide/C/web-servers.xml:537(command)
2314
1458
msgstr ""
2315
1459
2316
1460
#: serverguide/C/web-servers.xml:555(para)
2317
msgid ""
2318
"The <application>mod_ssl</application> module adds an important feature to "
2319
"the Apache2 server - the ability to encrypt communications. Thus, when your "
2320
"browser is communicating using SSL, the https:// prefix is used at the "
2321
"beginning of the Uniform Resource Locator (URL) in the browser navigation "
2322
"bar."
1461
msgid "The <application>mod_ssl</application> module adds an important feature to the Apache2 server - the ability to encrypt communications. Thus, when your browser is communicating using SSL, the https:// prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar."
2323
1462
msgstr ""
2324
1463
2325
1464
#: serverguide/C/web-servers.xml:564(para)
2326
msgid ""
2327
"The <application>mod_ssl</application> module is available in "
2328
"<application>apache2-common</application> package. Execute the following "
2329
"command from a terminal prompt to enable the "
2330
"<application>mod_ssl</application> module:"
1465
msgid "The <application>mod_ssl</application> module is available in <application>apache2-common</application> package. Execute the following command from a terminal prompt to enable the <application>mod_ssl</application> module:"
2331
1466
msgstr ""
2332
1467
2333
1468
#: serverguide/C/web-servers.xml:571(command)
2335
1470
msgstr ""
2336
1471
2337
1472
#: serverguide/C/web-servers.xml:574(para)
2338
msgid ""
2339
"There is a default HTTPS configuration file in <filename>/etc/apache2/sites-"
2340
"available/default-ssl</filename>. In order for "
2341
"<application>Apache</application> to provide HTTPS, a "
2342
"<emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also "
2343
"needed. The default HTTPS configuration will use a certificate and key "
2344
"generated by the <application>ssl-cert</application> package. They are good "
2345
"for testing, but the auto-generated certificate and key should be replaced "
2346
"by a certificate specific to the site or server. For information on "
2347
"generating a key and obtaining a certificate see <xref "
2348
"linkend=\"certificates-and-security\"/>"
1473
msgid "There is a default HTTPS configuration file in <filename>/etc/apache2/sites-available/default-ssl</filename>. In order for <application>Apache2</application> to provide HTTPS, a <emphasis>certificate</emphasis> and <emphasis>key</emphasis> file are also needed. The default HTTPS configuration will use a certificate and key generated by the <application>ssl-cert</application> package. They are good for testing, but the auto-generated certificate and key should be replaced by a certificate specific to the site or server. For information on generating a key and obtaining a certificate see <xref linkend=\"certificates-and-security\"/>"
2349
1474
msgstr ""
2350
1475
2351
1476
#: serverguide/C/web-servers.xml:584(para)
2352
msgid ""
2353
"To configure <application>Apache</application> for HTTPS, enter the "
2354
"following:"
1477
msgid "To configure <application>Apache2</application> for HTTPS, enter the following:"
2355
1478
msgstr ""
2356
1479
2357
1480
#: serverguide/C/web-servers.xml:589(command)
2359
1482
msgstr ""
2360
1483
2361
1484
#: serverguide/C/web-servers.xml:593(para)
2362
msgid ""
2363
"The directories <filename>/etc/ssl/certs</filename> and "
2364
"<filename>/etc/ssl/private</filename> are the default locations. If you "
2365
"install the certificate and key in another directory make sure to change "
2366
"<emphasis>SSLCertificateFile</emphasis> and "
2367
"<emphasis>SSLCertificateKeyFile</emphasis> appropriately."
1485
msgid "The directories <filename>/etc/ssl/certs</filename> and <filename>/etc/ssl/private</filename> are the default locations. If you install the certificate and key in another directory make sure to change <emphasis>SSLCertificateFile</emphasis> and <emphasis>SSLCertificateKeyFile</emphasis> appropriately."
2368
1486
msgstr ""
2369
1487
2370
1488
#: serverguide/C/web-servers.xml:600(para)
2371
msgid ""
2372
"With Apache now configured for HTTPS, restart the service to enable the new "
2373
"settings:"
1489
msgid "With Apache2 now configured for HTTPS, restart the service to enable the new settings:"
2374
1490
msgstr ""
2375
1491
2376
1492
#: serverguide/C/web-servers.xml:611(para)
2377
msgid ""
2378
"Depending on how you obtained your certificate you may need to enter a "
2379
"passphrase when <application>Apache</application> starts."
1493
msgid "Depending on how you obtained your certificate you may need to enter a passphrase when <application>Apache2</application> starts."
2380
1494
msgstr ""
2381
1495
2382
1496
#: serverguide/C/web-servers.xml:617(para)
2383
msgid ""
2384
"You can access the secure server pages by typing https://your_hostname/url/ "
2385
"in your browser address bar."
1497
msgid "You can access the secure server pages by typing https://your_hostname/url/ in your browser address bar."
2386
1498
msgstr ""
2387
1499
2388
1500
#: serverguide/C/web-servers.xml:628(para)
2389
msgid ""
2390
"<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 "
2391
"Documentation</ulink> contains in depth information on Apache2 configuration "
2392
"directives. Also, see the <application>apache2-doc</application> package for "
2393
"the official Apache2 docs."
1501
msgid "<ulink url=\"http://httpd.apache.org/docs/2.2/\">Apache2 Documentation</ulink> contains in depth information on Apache2 configuration directives. Also, see the <application>apache2-doc</application> package for the official Apache2 docs."
2394
1502
msgstr ""
2395
1503
2396
1504
#: serverguide/C/web-servers.xml:635(para)
2397
msgid ""
2398
"See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL "
2399
"Documentation</ulink> site for more SSL related information."
1505
msgid "See the <ulink url=\"http://www.modssl.org/docs/\">Mod SSL Documentation</ulink> site for more SSL related information."
2400
1506
msgstr ""
2401
1507
2402
1508
#: serverguide/C/web-servers.xml:641(para)
2403
msgid ""
2404
"O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache "
2405
"Cookbook</ulink> is a good resource for accomplishing specific Apache2 "
2406
"configurations."
1509
msgid "O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596001919/\">Apache Cookbook</ulink> is a good resource for accomplishing specific Apache2 configurations."
2407
1510
msgstr ""
2408
1511
2409
1512
#: serverguide/C/web-servers.xml:647(para)
2410
msgid ""
2411
"For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-"
2412
"server</emphasis> IRC channel on <ulink "
2413
"url=\"http://freenode.net/\">freenode.net</ulink>."
1513
msgid "For Ubuntu specific Apache2 questions, ask in the <emphasis>#ubuntu-server</emphasis> IRC channel on <ulink url=\"http://freenode.net/\">freenode.net</ulink>."
2414
1514
msgstr ""
2415
1515
2416
1516
#: serverguide/C/web-servers.xml:658(title)
2418
1518
msgstr ""
2419
1519
2420
1520
#: serverguide/C/web-servers.xml:659(para)
2421
msgid ""
2422
"PHP is a general-purpose scripting language suited for Web development. The "
2423
"PHP script can be embedded into HTML. This section explains how to install "
2424
"and configure PHP5 in Ubuntu System with Apache2 and MySQL."
1521
msgid "PHP is a general-purpose scripting language suited for Web development. The PHP script can be embedded into HTML. This section explains how to install and configure PHP5 in Ubuntu System with Apache2 and MySQL."
2425
1522
msgstr ""
2426
1523
2427
1524
#: serverguide/C/web-servers.xml:663(para)
2428
msgid ""
2429
"This section assumes you have installed and configured Apache 2 Web Server "
2430
"and MySQL Database Server. You can refer to Apache 2 section and MySQL "
2431
"sections in this document to install and configure Apache 2 and MySQL "
2432
"respectively."
1525
msgid "This section assumes you have installed and configured Apache2 Web Server and MySQL Database Server. You can refer to Apache2 section and MySQL sections in this document to install and configure Apache2 and MySQL respectively."
2433
1526
msgstr ""
2434
1527
2435
1528
#: serverguide/C/web-servers.xml:670(para)
2437
1530
msgstr ""
2438
1531
2439
1532
#: serverguide/C/web-servers.xml:672(para)
2440
msgid ""
2441
"To install PHP5 you can enter the following command in the terminal prompt: "
2442
"<screen>\n"
2443
"<command>sudo apt-get install php5 libapache2-mod-php5</command>\n"
2444
"</screen>"
1533
msgid "To install PHP5 you can enter the following command in the terminal prompt: <screen>\n<command>sudo apt-get install php5 libapache2-mod-php5</command>\n</screen>"
2445
1534
msgstr ""
2446
1535
2447
1536
#: serverguide/C/web-servers.xml:681(para)
2448
msgid ""
2449
"You can run PHP5 scripts from command line. To run PHP5 scripts from command "
2450
"line you should install <application>php5-cli</application> package. To "
2451
"install <application>php5-cli</application> you can enter the following "
2452
"command in the terminal prompt: <screen>\n"
2453
"<command>sudo apt-get install php5-cli</command>\n"
2454
"</screen>"
1537
msgid "You can run PHP5 scripts from command line. To run PHP5 scripts from command line you should install <application>php5-cli</application> package. To install <application>php5-cli</application> you can enter the following command in the terminal prompt: <screen>\n<command>sudo apt-get install php5-cli</command>\n</screen>"
2455
1538
msgstr ""
2456
1539
2457
1540
#: serverguide/C/web-servers.xml:690(para)
2458
msgid ""
2459
"You can also execute PHP5 scripts without installing PHP5 Apache module. To "
2460
"accomplish this, you should install <application>php5-cgi</application> "
2461
"package. You can run the following command in a terminal prompt to install "
2462
"<application>php5-cgi</application> package: <screen>\n"
2463
"<command>sudo apt-get install php5-cgi</command>\n"
2464
"</screen>"
1541
msgid "You can also execute PHP5 scripts without installing PHP5 Apache module. To accomplish this, you should install <application>php5-cgi</application> package. You can run the following command in a terminal prompt to install <application>php5-cgi</application> package: <screen>\n<command>sudo apt-get install php5-cgi</command>\n</screen>"
2465
1542
msgstr ""
2466
1543
2467
1544
#: serverguide/C/web-servers.xml:700(para)
2468
msgid ""
2469
"To use <application>MySQL</application> with PHP5 you should install "
2470
"<application>php5-mysql</application> package. To install <application>php5-"
2471
"mysql</application> you can enter the following command in the terminal "
2472
"prompt: <screen>\n"
2473
"<command>sudo apt-get install php5-mysql</command>\n"
2474
"</screen>"
1545
msgid "To use <application>MySQL</application> with PHP5 you should install <application>php5-mysql</application> package. To install <application>php5-mysql</application> you can enter the following command in the terminal prompt: <screen>\n<command>sudo apt-get install php5-mysql</command>\n</screen>"
2475
1546
msgstr ""
2476
1547
2477
1548
#: serverguide/C/web-servers.xml:708(para)
2478
msgid ""
2479
"Similarly, to use <application>PostgreSQL</application> with PHP5 you should "
2480
"install <application>php5-pgsql</application> package. To install "
2481
"<application>php5-pgsql</application> you can enter the following command in "
2482
"the terminal prompt: <screen>\n"
2483
"<command>sudo apt-get install php5-pgsql</command>\n"
2484
"</screen>"
1549
msgid "Similarly, to use <application>PostgreSQL</application> with PHP5 you should install <application>php5-pgsql</application> package. To install <application>php5-pgsql</application> you can enter the following command in the terminal prompt: <screen>\n<command>sudo apt-get install php5-pgsql</command>\n</screen>"
2485
1550
msgstr ""
2486
1551
2487
1552
#: serverguide/C/web-servers.xml:721(para)
2488
msgid ""
2489
"Once you install PHP5, you can run PHP5 scripts from your web browser. If "
2490
"you have installed <application>php5-cli</application> package, you can run "
2491
"PHP5 scripts from your command prompt."
1553
msgid "Once you install PHP5, you can run PHP5 scripts from your web browser. If you have installed <application>php5-cli</application> package, you can run PHP5 scripts from your command prompt."
2492
1554
msgstr ""
2493
1555
2494
1556
#: serverguide/C/web-servers.xml:728(para)
2495
msgid ""
2496
"By default, the Apache 2 Web server is configured to run PHP5 scripts. In "
2497
"other words, the PHP5 module is enabled in Apache2 Web server automatically "
2498
"when you install the module. Please verify if the files "
2499
"<filename>/etc/apache2/mods-enabled/php5.conf</filename> and "
2500
"<filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do "
2501
"not exists, you can enable the module using <command>a2enmod</command> "
2502
"command."
1557
msgid "By default, the Apache 2 Web server is configured to run PHP5 scripts. In other words, the PHP5 module is enabled in Apache2 Web server automatically when you install the module. Please verify if the files <filename>/etc/apache2/mods-enabled/php5.conf</filename> and <filename>/etc/apache2/mods-enabled/php5.load</filename> exist. If they do not exists, you can enable the module using <command>a2enmod</command> command."
2503
1558
msgstr ""
2504
1559
2505
1560
#: serverguide/C/web-servers.xml:739(para)
2506
msgid ""
2507
"Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you "
2508
"should restart Apache2 Web server to run PHP5 scripts. You can run the "
2509
"following command at a terminal prompt to restart your web server: "
2510
"<screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
1561
msgid "Once you install PHP5 related packages and enabled PHP5 Apache 2 module, you should restart Apache2 Web server to run PHP5 scripts. You can run the following command at a terminal prompt to restart your web server: <screen><command>sudo /etc/init.d/apache2 restart</command> </screen>"
2511
1562
msgstr ""
2512
1563
2513
1564
#: serverguide/C/web-servers.xml:747(title) serverguide/C/mail.xml:305(title) serverguide/C/mail.xml:1534(title) serverguide/C/dns.xml:343(title) serverguide/C/clustering.xml:184(title)
2515
1566
msgstr ""
2516
1567
2517
1568
#: serverguide/C/web-servers.xml:748(para)
2518
msgid ""
2519
"To verify your installation, you can run following PHP5 phpinfo script:"
1569
msgid "To verify your installation, you can run following PHP5 phpinfo script:"
2520
1570
msgstr ""
2521
1571
2522
1572
#: serverguide/C/web-servers.xml:751(programlisting)
2523
1573
#, no-wrap
2524
msgid ""
2525
"\n"
2526
"<?php\n"
2527
" phpinfo();\n"
2528
"?>\n"
1574
msgid "\n<?php\n phpinfo();\n?>\n"
2529
1575
msgstr ""
2530
1576
2531
1577
#: serverguide/C/web-servers.xml:756(para)
2532
msgid ""
2533
"You can save the content in a file <filename>phpinfo.php</filename> and "
2534
"place it under <command>DocumentRoot</command> directory of Apache2 Web "
2535
"server. When point your browser to "
2536
"<filename>http://hostname/phpinfo.php</filename>, it would display values of "
2537
"various PHP5 configuration parameters."
1578
msgid "You can save the content in a file <filename>phpinfo.php</filename> and place it under <command>DocumentRoot</command> directory of Apache2 Web server. When point your browser to <filename>http://hostname/phpinfo.php</filename>, it would display values of various PHP5 configuration parameters."
2538
1579
msgstr ""
2539
1580
2540
1581
#: serverguide/C/web-servers.xml:770(para)
2541
msgid ""
2542
"For more in depth information see <ulink "
2543
"url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
1582
msgid "For more in depth information see <ulink url=\"http://www.php.net/docs.php\">php.net</ulink> documentation."
2544
1583
msgstr ""
2545
1584
2546
1585
#: serverguide/C/web-servers.xml:775(para)
2547
msgid ""
2548
"There are a plethora of books on PHP. Two good books from O'Reilly are "
2549
"<ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP "
2550
"5</ulink> and the <ulink "
2551
"url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
1586
msgid "There are a plethora of books on PHP. Two good books from O'Reilly are <ulink url=\"http://oreilly.com/catalog/9780596005603/\">Learning PHP 5</ulink> and the <ulink url=\"http://oreilly.com/catalog/9781565926813/\">PHP Cook Book</ulink>."
2552
1587
msgstr ""
2553
1588
2554
1589
#: serverguide/C/web-servers.xml:787(title)
2556
1591
msgstr ""
2557
1592
2558
1593
#: serverguide/C/web-servers.xml:788(para)
2559
msgid ""
2560
"Squid is a full-featured web proxy cache server application which provides "
2561
"proxy and cache services for Hyper Text Transport Protocol (HTTP), File "
2562
"Transfer Protocol (FTP), and other popular network protocols. Squid can "
2563
"implement caching and proxying of Secure Sockets Layer (SSL) requests and "
2564
"caching of Domain Name Server (DNS) lookups, and perform transparent "
2565
"caching. Squid also supports a wide variety of caching protocols, such as "
2566
"Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the "
2567
"Cache Array Routing Protocol (CARP), and the Web Cache Coordination "
2568
"Protocol. (WCCP)"
1594
msgid "Squid is a full-featured web proxy cache server application which provides proxy and cache services for Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and perform transparent caching. Squid also supports a wide variety of caching protocols, such as Internet Cache Protocol, (ICP) the Hyper Text Caching Protocol, (HTCP) the Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol. (WCCP)"
2569
1595
msgstr ""
2570
1596
2571
1597
#: serverguide/C/web-servers.xml:796(para)
2572
msgid ""
2573
"The Squid proxy cache server is an excellent solution to a variety of proxy "
2574
"and caching server needs, and scales from the branch office to enterprise "
2575
"level networks while providing extensive, granular access control mechanisms "
2576
"and monitoring of critical parameters via the Simple Network Management "
2577
"Protocol (SNMP). When selecting a computer system for use as a dedicated "
2578
"Squid proxy, or caching servers, ensure your system is configured with a "
2579
"large amount of physical memory, as Squid maintains an in-memory cache for "
2580
"increased performance."
1598
msgid "The Squid proxy cache server is an excellent solution to a variety of proxy and caching server needs, and scales from the branch office to enterprise level networks while providing extensive, granular access control mechanisms and monitoring of critical parameters via the Simple Network Management Protocol (SNMP). When selecting a computer system for use as a dedicated Squid proxy, or caching servers, ensure your system is configured with a large amount of physical memory, as Squid maintains an in-memory cache for increased performance."
2581
1599
msgstr ""
2582
1600
2583
1601
#: serverguide/C/web-servers.xml:805(para)
2584
msgid ""
2585
"At a terminal prompt, enter the following command to install the Squid "
2586
"server:"
1602
msgid "At a terminal prompt, enter the following command to install the Squid server:"
2587
1603
msgstr ""
2588
1604
2589
1605
#: serverguide/C/web-servers.xml:810(command)
2591
1607
msgstr ""
2592
1608
2593
1609
#: serverguide/C/web-servers.xml:816(para)
2594
msgid ""
2595
"Squid is configured by editing the directives contained within the "
2596
"<filename>/etc/squid/squid.conf</filename> configuration file. The following "
2597
"examples illustrate some of the directives which may be modified to affect "
2598
"the behavior of the Squid server. For more in-depth configuration of Squid, "
2599
"see the References section."
1610
msgid "Squid is configured by editing the directives contained within the <filename>/etc/squid/squid.conf</filename> configuration file. The following examples illustrate some of the directives which may be modified to affect the behavior of the Squid server. For more in-depth configuration of Squid, see the References section."
2600
1611
msgstr ""
2601
1612
2602
1613
#: serverguide/C/web-servers.xml:822(para)
2603
msgid ""
2604
"Prior to editing the configuration file, you should make a copy of the "
2605
"original file and protect it from writing so you will have the original "
2606
"settings as a reference, and to re-use as necessary."
1614
msgid "Prior to editing the configuration file, you should make a copy of the original file and protect it from writing so you will have the original settings as a reference, and to re-use as necessary."
2607
1615
msgstr ""
2608
1616
2609
1617
#: serverguide/C/web-servers.xml:825(para)
2610
msgid ""
2611
"Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from "
2612
"writing with the following commands entered at a terminal prompt:"
1618
msgid "Copy the <filename>/etc/squid/squid.conf</filename> file and protect it from writing with the following commands entered at a terminal prompt:"
2613
1619
msgstr ""
2614
1620
2615
1621
#: serverguide/C/web-servers.xml:830(command)
2621
1627
msgstr ""
2622
1628
2623
1629
#: serverguide/C/web-servers.xml:837(para)
2624
msgid ""
2625
"To set your Squid server to listen on TCP port 8888 instead of the default "
2626
"TCP port 3128, change the http_port directive as such:"
1630
msgid "To set your Squid server to listen on TCP port 8888 instead of the default TCP port 3128, change the http_port directive as such:"
2627
1631
msgstr ""
2628
1632
2629
1633
#: serverguide/C/web-servers.xml:841(programlisting)
2630
1634
#, no-wrap
2631
msgid ""
2632
"\n"
2633
"http_port 8888\n"
1635
msgid "\nhttp_port 8888\n"
2634
1636
msgstr ""
2635
1637
2636
1638
#: serverguide/C/web-servers.xml:846(para)
2637
msgid ""
2638
"Change the visible_hostname directive in order to give the Squid server a "
2639
"specific hostname. This hostname does not necessarily need to be the "
2640
"computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
1639
msgid "Change the visible_hostname directive in order to give the Squid server a specific hostname. This hostname does not necessarily need to be the computer's hostname. In this example it is set to <emphasis>weezie</emphasis>"
2641
1640
msgstr ""
2642
1641
2643
1642
#: serverguide/C/web-servers.xml:850(programlisting)
2644
1643
#, no-wrap
2645
msgid ""
2646
"\n"
2647
"visible_hostname weezie\n"
1644
msgid "\nvisible_hostname weezie\n"
2648
1645
msgstr ""
2649
1646
2650
1647
#: serverguide/C/web-servers.xml:855(para)
2651
msgid ""
2652
"Again, Using Squid's access control, you may configure use of Internet "
2653
"services proxied by Squid to be available only users with certain Internet "
2654
"Protocol (IP) addresses. For example, we will illustrate access by users of "
2655
"the 192.168.42.0/24 subnetwork only:"
1648
msgid "Using Squid's access control, you may configure use of Internet services proxied by Squid to be available only users with certain Internet Protocol (IP) addresses. For example, we will illustrate access by users of the 192.168.42.0/24 subnetwork only:"
2656
1649
msgstr ""
2657
1650
2658
1651
#: serverguide/C/web-servers.xml:860(para) serverguide/C/web-servers.xml:880(para)
2659
msgid ""
2660
"Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the "
2661
"ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
1652
msgid "Add the following to the <emphasis role=\"bold\">bottom</emphasis> of the ACL section of your <filename>/etc/squid/squid.conf</filename> file:"
2662
1653
msgstr ""
2663
1654
2664
1655
#: serverguide/C/web-servers.xml:863(programlisting)
2665
1656
#, no-wrap
2666
msgid ""
2667
"\n"
2668
"acl fortytwo_network src 192.168.42.0/24\n"
1657
msgid "\nacl fortytwo_network src 192.168.42.0/24\n"
2669
1658
msgstr ""
2670
1659
2671
1660
#: serverguide/C/web-servers.xml:866(para) serverguide/C/web-servers.xml:887(para)
2672
msgid ""
2673
"Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the "
2674
"http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
1661
msgid "Then, add the following to the <emphasis role=\"bold\">top</emphasis> of the http_access section of your <filename>/etc/squid/squid.conf</filename> file:"
2675
1662
msgstr ""
2676
1663
2677
1664
#: serverguide/C/web-servers.xml:870(programlisting)
2678
1665
#, no-wrap
2679
msgid ""
2680
"\n"
2681
"http_access allow fortytwo_network\n"
1666
msgid "\nhttp_access allow fortytwo_network\n"
2682
1667
msgstr ""
2683
1668
2684
1669
#: serverguide/C/web-servers.xml:875(para)
2685
msgid ""
2686
"Using the excellent access control features of Squid, you may configure use "
2687
"of Internet services proxied by Squid to be available only during normal "
2688
"business hours. For example, we'll illustrate access by employees of a "
2689
"business which is operating between 9:00AM and 5:00PM, Monday through "
2690
"Friday, and which uses the 10.1.42.0/42 subnetwork:"
1670
msgid "Using the excellent access control features of Squid, you may configure use of Internet services proxied by Squid to be available only during normal business hours. For example, we'll illustrate access by employees of a business which is operating between 9:00AM and 5:00PM, Monday through Friday, and which uses the 10.1.42.0/42 subnetwork:"
2691
1671
msgstr ""
2692
1672
2693
1673
#: serverguide/C/web-servers.xml:883(programlisting)
2694
1674
#, no-wrap
2695
msgid ""
2696
"\n"
2697
"acl biz_network src 10.1.42.0/24\n"
2698
"acl biz_hours time M T W T F 9:00-17:00\n"
1675
msgid "\nacl biz_network src 10.1.42.0/24\nacl biz_hours time M T W T F 9:00-17:00\n"
2699
1676
msgstr ""
2700
1677
2701
1678
#: serverguide/C/web-servers.xml:891(programlisting)
2702
1679
#, no-wrap
2703
msgid ""
2704
"\n"
2705
"http_access allow biz_network biz_hours\n"
1680
msgid "\nhttp_access allow biz_network biz_hours\n"
2706
1681
msgstr ""
2707
1682
2708
1683
#: serverguide/C/web-servers.xml:898(para)
2709
msgid ""
2710
"After making changes to the <filename>/etc/squid/squid.conf</filename> file, "
2711
"save the file and restart the <application>squid</application> server "
2712
"application to effect the changes using the following command entered at a "
2713
"terminal prompt:"
1684
msgid "After making changes to the <filename>/etc/squid/squid.conf</filename> file, save the file and restart the <application>squid</application> server application to effect the changes using the following command entered at a terminal prompt:"
2714
1685
msgstr ""
2715
1686
2716
1687
#: serverguide/C/web-servers.xml:905(command)
2726
1697
msgstr ""
2727
1698
2728
1699
#: serverguide/C/web-servers.xml:919(para)
2729
msgid ""
2730
"Ruby on Rails is an open source web framework for developing database backed "
2731
"web applications. It is optimized for sustainable productivity of the "
2732
"programmer since it lets the programmer to write code by favouring "
2733
"convention over configuration."
1700
msgid "Ruby on Rails is an open source web framework for developing database backed web applications. It is optimized for sustainable productivity of the programmer since it lets the programmer to write code by favouring convention over configuration."
2734
1701
msgstr ""
2735
1702
2736
1703
#: serverguide/C/web-servers.xml:926(para)
2737
msgid ""
2738
"Before installing <application>Rails</application> you should install "
2739
"<application>Apache</application> and <application>MySQL</application>. To "
2740
"install the <application>Apache</application> package, please refer to <xref "
2741
"linkend=\"httpd\"/>. For instructions on installing "
2742
"<application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
1704
msgid "Before installing <application>Rails</application> you should install <application>Apache</application> and <application>MySQL</application>. To install the <application>Apache</application> package, please refer to <xref linkend=\"httpd\"/>. For instructions on installing <application>MySQL</application> refer to <xref linkend=\"mysql\"/>."
2743
1705
msgstr ""
2744
1706
2745
1707
#: serverguide/C/web-servers.xml:934(para)
2746
msgid ""
2747
"Once you have <application>Apache</application> and "
2748
"<application>MySQL</application> packages installed, you are ready to "
2749
"install <application>Ruby on Rails</application> package."
1708
msgid "Once you have <application>Apache</application> and <application>MySQL</application> packages installed, you are ready to install <application>Ruby on Rails</application> package."
2750
1709
msgstr ""
2751
1710
2752
1711
#: serverguide/C/web-servers.xml:941(para)
2753
msgid ""
2754
"To install the <application>Ruby</application> base packages and "
2755
"<application>Ruby on Rails</application>, you can enter the following "
2756
"command in the terminal prompt:"
1712
msgid "To install the <application>Ruby</application> base packages and <application>Ruby on Rails</application>, you can enter the following command in the terminal prompt:"
2757
1713
msgstr ""
2758
1714
2759
1715
#: serverguide/C/web-servers.xml:947(command)
2761
1717
msgstr ""
2762
1718
2763
1719
#: serverguide/C/web-servers.xml:953(para)
2764
msgid ""
2765
"Modify the <filename>/etc/apache2/sites-available/default</filename> "
2766
"configuration file to setup your domains."
1720
msgid "Modify the <filename>/etc/apache2/sites-available/default</filename> configuration file to setup your domains."
2767
1721
msgstr ""
2768
1722
2769
1723
#: serverguide/C/web-servers.xml:957(para)
2770
msgid ""
2771
"The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
1724
msgid "The first thing to change is the <emphasis>DocumentRoot</emphasis> directive:"
2772
1725
msgstr ""
2773
1726
2774
1727
#: serverguide/C/web-servers.xml:961(programlisting)
2775
1728
#, no-wrap
2776
msgid ""
2777
"\n"
2778
"DocumentRoot /path/to/rails/application/public\n"
1729
msgid "\nDocumentRoot /path/to/rails/application/public\n"
2779
1730
msgstr ""
2780
1731
2781
1732
#: serverguide/C/web-servers.xml:964(para)
2782
msgid ""
2783
"Next, change the <Directory \"/path/to/rails/application/public\"> "
2784
"directive:"
1733
msgid "Next, change the <Directory \"/path/to/rails/application/public\"> directive:"
2785
1734
msgstr ""
2786
1735
2787
1736
#: serverguide/C/web-servers.xml:968(programlisting)
2788
1737
#, no-wrap
2789
msgid ""
2790
"\n"
2791
"<Directory \"/path/to/rails/application/public\">\n"
2792
" Options Indexes FollowSymLinks MultiViews ExecCGI\n"
2793
" AllowOverride All\n"
2794
" Order allow,deny\n"
2795
" allow from all\n"
2796
" AddHandler cgi-script .cgi\n"
2797
"</Directory>\n"
1738
msgid "\n<Directory \"/path/to/rails/application/public\">\n Options Indexes FollowSymLinks MultiViews ExecCGI\n AllowOverride All\n Order allow,deny\n allow from all\n AddHandler cgi-script .cgi\n</Directory>\n"
2798
1739
msgstr ""
2799
1740
2800
1741
#: serverguide/C/web-servers.xml:978(para)
2801
msgid ""
2802
"You should also enable the <application>mod_rewrite</application> module for "
2803
"Apache. To enable <application>mod_rewrite</application> module, please "
2804
"enter the following command in a terminal prompt:"
1742
msgid "You should also enable the <application>mod_rewrite</application> module for Apache. To enable <application>mod_rewrite</application> module, please enter the following command in a terminal prompt:"
2805
1743
msgstr ""
2806
1744
2807
1745
#: serverguide/C/web-servers.xml:984(command)
2809
1747
msgstr ""
2810
1748
2811
1749
#: serverguide/C/web-servers.xml:987(para)
2812
msgid ""
2813
"Finally you will need to change the ownership of the "
2814
"<filename>/path/to/rails/application/public</filename> and "
2815
"<filename>/path/to/rails/application/tmp</filename> directories to the user "
2816
"used to run the <application>Apache</application> process:"
1750
msgid "Finally you will need to change the ownership of the <filename>/path/to/rails/application/public</filename> and <filename>/path/to/rails/application/tmp</filename> directories to the user used to run the <application>Apache</application> process:"
2817
1751
msgstr ""
2818
1752
2819
1753
#: serverguide/C/web-servers.xml:993(command)
2825
1759
msgstr ""
2826
1760
2827
1761
#: serverguide/C/web-servers.xml:997(para)
2828
msgid ""
2829
"That's it! Now you have your Server ready for your <application>Ruby on "
2830
"Rails</application> applications."
1762
msgid "That's it! Now you have your Server ready for your <application>Ruby on Rails</application> applications."
2831
1763
msgstr ""
2832
1764
2833
1765
#: serverguide/C/web-servers.xml:1006(para)
2834
msgid ""
2835
"See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website "
2836
"for more information."
1766
msgid "See the <ulink url=\"http://rubyonrails.org/\">Ruby on Rails</ulink> website for more information."
2837
1767
msgstr ""
2838
1768
2839
1769
#: serverguide/C/web-servers.xml:1011(para)
2840
msgid ""
2841
"Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-"
2842
"with-rails-third-edition\">Agile Development with Rails</ulink> is a great "
2843
"resource."
1770
msgid "Also <ulink url=\"http://pragprog.com/titles/rails3/agile-web-development-with-rails-third-edition\">Agile Development with Rails</ulink> is a great resource."
2844
1771
msgstr ""
2845
1772
2846
1773
#: serverguide/C/web-servers.xml:1022(title)
2848
1775
msgstr ""
2849
1776
2850
1777
#: serverguide/C/web-servers.xml:1023(para)
2851
msgid ""
2852
"Apache Tomcat is a web container that allows you to serve Java Servlets and "
2853
"JSP (Java Server Pages) web applications."
1778
msgid "Apache Tomcat is a web container that allows you to serve Java Servlets and JSP (Java Server Pages) web applications."
2854
1779
msgstr ""
2855
1780
2856
1781
#: serverguide/C/web-servers.xml:1025(para)
2857
msgid ""
2858
"The <application>Tomcat 6.0</application> packages in Ubuntu support two "
2859
"different ways of running Tomcat. You can install them as a classic unique "
2860
"system-wide instance, that will be started at boot time and will run as the "
2861
"tomcat6 unpriviledged user. But you can also deploy private instances that "
2862
"will run with your own user rights, and that you should start and stop by "
2863
"yourself. This second way is particularly useful in a development server "
2864
"context where multiple users need to test on their own private Tomcat "
2865
"instances."
1782
msgid "The <application>Tomcat 6.0</application> packages in Ubuntu support two different ways of running Tomcat. You can install them as a classic unique system-wide instance, that will be started at boot time and will run as the tomcat6 unpriviledged user. But you can also deploy private instances that will run with your own user rights, and that you should start and stop by yourself. This second way is particularly useful in a development server context where multiple users need to test on their own private Tomcat instances."
2866
1783
msgstr ""
2867
1784
2868
1785
#: serverguide/C/web-servers.xml:1035(title)
2870
1787
msgstr ""
2871
1788
2872
1789
#: serverguide/C/web-servers.xml:1036(para)
2873
msgid ""
2874
"To install the <application>Tomcat</application> server, you can enter the "
2875
"following command in the terminal prompt:"
1790
msgid "To install the <application>Tomcat</application> server, you can enter the following command in the terminal prompt:"
2876
1791
msgstr ""
2877
1792
2878
1793
#: serverguide/C/web-servers.xml:1039(command)
2880
1795
msgstr ""
2881
1796
2882
1797
#: serverguide/C/web-servers.xml:1041(para)
2883
msgid ""
2884
"This will install a Tomcat server with just a default ROOT webapp that "
2885
"displays a minimal \"It works\" page by default."
1798
msgid "This will install a Tomcat server with just a default ROOT webapp that displays a minimal \"It works\" page by default."
2886
1799
msgstr ""
2887
1800
2888
1801
#: serverguide/C/web-servers.xml:1047(para)
2889
msgid ""
2890
"Tomcat configuration files can be found in "
2891
"<filename>/etc/tomcat6</filename>. Only a few common configuration tweaks "
2892
"will be described here, please see <ulink "
2893
"url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 "
2894
"documentation</ulink> for more."
1802
msgid "Tomcat configuration files can be found in <filename>/etc/tomcat6</filename>. Only a few common configuration tweaks will be described here, please see <ulink url=\"http://tomcat.apache.org/tomcat-6.0-doc/index.html\">Tomcat 6.0 documentation</ulink> for more."
2895
1803
msgstr ""
2896
1804
2897
1805
#: serverguide/C/web-servers.xml:1053(title)
2899
1807
msgstr ""
2900
1808
2901
1809
#: serverguide/C/web-servers.xml:1054(para)
2902
msgid ""
2903
"By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP "
2904
"connector on port 8009. You might want to change those default ports to "
2905
"avoid conflict with another server on the system. This is done by changing "
2906
"the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
1810
msgid "By default Tomcat 6.0 runs a HTTP connector on port 8080 and an AJP connector on port 8009. You might want to change those default ports to avoid conflict with another server on the system. This is done by changing the following lines in <filename>/etc/tomcat6/server.xml</filename>:"
2907
1811
msgstr ""
2908
1812
2909
1813
#: serverguide/C/web-servers.xml:1059(programlisting)
2910
1814
#, no-wrap
2911
msgid ""
2912
"\n"
2913
"<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n"
2914
" connectionTimeout=\"20000\" \n"
2915
" redirectPort=\"8443\" />\n"
2916
"...\n"
2917
"<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" "
2918
"/>\n"
1815
msgid "\n<Connector port=\"8080\" protocol=\"HTTP/1.1\" \n connectionTimeout=\"20000\" \n redirectPort=\"8443\" />\n...\n<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\" />\n"
2919
1816
msgstr ""
2920
1817
2921
1818
#: serverguide/C/web-servers.xml:1068(title)
2923
1820
msgstr ""
2924
1821
2925
1822
#: serverguide/C/web-servers.xml:1069(para)
2926
msgid ""
2927
"By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, "
2928
"then try some other JVMs. If you have various JVMs installed, you can set "
2929
"which should be used by setting JAVA_HOME in "
2930
"<filename>/etc/default/tomcat6</filename>:"
1823
msgid "By default Tomcat will run preferably with OpenJDK-6, then try Sun's JVM, then try some other JVMs. If you have various JVMs installed, you can set which should be used by setting JAVA_HOME in <filename>/etc/default/tomcat6</filename>:"
2931
1824
msgstr ""
2932
1825
2933
1826
#: serverguide/C/web-servers.xml:1073(programlisting)
2934
1827
#, no-wrap
2935
msgid ""
2936
"\n"
2937
"JAVA_HOME=/usr/lib/jvm/java-6-sun\n"
1828
msgid "\nJAVA_HOME=/usr/lib/jvm/java-6-sun\n"
2938
1829
msgstr ""
2939
1830
2940
1831
#: serverguide/C/web-servers.xml:1078(title)
2942
1833
msgstr ""
2943
1834
2944
1835
#: serverguide/C/web-servers.xml:1079(para)
2945
msgid ""
2946
"Usernames, passwords and roles (groups) can be defined centrally in a "
2947
"Servlet container. In Tomcat 6.0 this is done in the "
2948
"<filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
1836
msgid "Usernames, passwords and roles (groups) can be defined centrally in a Servlet container. In Tomcat 6.0 this is done in the <filename>/etc/tomcat6/tomcat-users.xml</filename> file:"
2949
1837
msgstr ""
2950
1838
2951
1839
#: serverguide/C/web-servers.xml:1082(programlisting)
2952
1840
#, no-wrap
2953
msgid ""
2954
"\n"
2955
"<role rolename=\"admin\"/>\n"
2956
"<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
1841
msgid "\n<role rolename=\"admin\"/>\n<user username=\"tomcat\" password=\"s3cret\" roles=\"admin\"/>\n"
2957
1842
msgstr ""
2958
1843
2959
1844
#: serverguide/C/web-servers.xml:1090(title)
2961
1846
msgstr ""
2962
1847
2963
1848
#: serverguide/C/web-servers.xml:1091(para)
2964
msgid ""
2965
"Tomcat is shipped with webapps that you can install for documentation, "
2966
"administration or demo purposes."
1849
msgid "Tomcat is shipped with webapps that you can install for documentation, administration or demo purposes."
2967
1850
msgstr ""
2968
1851
2969
1852
#: serverguide/C/web-servers.xml:1094(title)
2971
1854
msgstr ""
2972
1855
2973
1856
#: serverguide/C/web-servers.xml:1095(para)
2974
msgid ""
2975
"The <application>tomcat6-docs</application> package contains Tomcat 6.0 "
2976
"documentation, packaged as a webapp that you can access by default at "
2977
"http://yourserver:8080/docs. You can install it by entering the following "
2978
"command in the terminal prompt:"
1857
msgid "The <application>tomcat6-docs</application> package contains Tomcat 6.0 documentation, packaged as a webapp that you can access by default at http://yourserver:8080/docs. You can install it by entering the following command in the terminal prompt:"
2979
1858
msgstr ""
2980
1859
2981
1860
#: serverguide/C/web-servers.xml:1100(command)
2987
1866
msgstr ""
2988
1867
2989
1868
#: serverguide/C/web-servers.xml:1105(para)
2990
msgid ""
2991
"The <application>tomcat6-admin</application> package contains two webapps "
2992
"that can be used to administer the Tomcat server using a web interface. You "
2993
"can install them by entering the following command in the terminal prompt:"
1869
msgid "The <application>tomcat6-admin</application> package contains two webapps that can be used to administer the Tomcat server using a web interface. You can install them by entering the following command in the terminal prompt:"
2994
1870
msgstr ""
2995
1871
2996
1872
#: serverguide/C/web-servers.xml:1110(command)
2998
1874
msgstr ""
2999
1875
3000
1876
#: serverguide/C/web-servers.xml:1112(para)
3001
msgid ""
3002
"The first one is the <emphasis>manager</emphasis> webapp, which you can "
3003
"access by default at http://yourserver:8080/manager/html. It is primarily "
3004
"used to get server status and restart webapps."
1877
msgid "The first one is the <emphasis>manager</emphasis> webapp, which you can access by default at http://yourserver:8080/manager/html. It is primarily used to get server status and restart webapps."
3005
1878
msgstr ""
3006
1879
3007
1880
#: serverguide/C/web-servers.xml:1115(para)
3008
msgid ""
3009
"Access to the <emphasis>manager</emphasis> application is protected by "
3010
"default: you need to define a user with the role \"manager\" in "
3011
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
1881
msgid "Access to the <emphasis>manager</emphasis> application is protected by default: you need to define a user with the role \"manager\" in <filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3012
1882
msgstr ""
3013
1883
3014
1884
#: serverguide/C/web-servers.xml:1119(para)
3015
msgid ""
3016
"The second one is the <emphasis>host-manager</emphasis> webapp, which you "
3017
"can access by default at http://yourserver:8080/host-manager/html. It can be "
3018
"used to create virtual hosts dynamically."
1885
msgid "The second one is the <emphasis>host-manager</emphasis> webapp, which you can access by default at http://yourserver:8080/host-manager/html. It can be used to create virtual hosts dynamically."
3019
1886
msgstr ""
3020
1887
3021
1888
#: serverguide/C/web-servers.xml:1123(para)
3022
msgid ""
3023
"Access to the <emphasis>host-manager</emphasis> application is also "
3024
"protected by default: you need to define a user with the role \"admin\" in "
3025
"<filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
1889
msgid "Access to the <emphasis>host-manager</emphasis> application is also protected by default: you need to define a user with the role \"admin\" in <filename>/etc/tomcat6/tomcat-users.xml</filename> before you can access it."
3026
1890
msgstr ""
3027
1891
3028
1892
#: serverguide/C/web-servers.xml:1128(para)
3029
msgid ""
3030
"For security reasons, the tomcat6 user cannot write to the "
3031
"<filename>/etc/tomcat6</filename> directory by default. Some features in "
3032
"these admin webapps (application deployment, virtual host creation) need "
3033
"write access to that directory. If you want to use these features execute "
3034
"the following, to give users in the tomcat6 group the necessary rights:"
1893
msgid "For security reasons, the tomcat6 user cannot write to the <filename>/etc/tomcat6</filename> directory by default. Some features in these admin webapps (application deployment, virtual host creation) need write access to that directory. If you want to use these features execute the following, to give users in the tomcat6 group the necessary rights:"
3035
1894
msgstr ""
3036
1895
3037
1896
#: serverguide/C/web-servers.xml:1135(command)
3047
1906
msgstr ""
3048
1907
3049
1908
#: serverguide/C/web-servers.xml:1142(para)
3050
msgid ""
3051
"The <application>tomcat6-examples</application> package contains two webapps "
3052
"that can be used to test or demonstrate Servlets and JSP features, which you "
3053
"can access them by default at http://yourserver:8080/examples. You can "
3054
"install them by entering the following command in the terminal prompt:"
1909
msgid "The <application>tomcat6-examples</application> package contains two webapps that can be used to test or demonstrate Servlets and JSP features, which you can access them by default at http://yourserver:8080/examples. You can install them by entering the following command in the terminal prompt:"
3055
1910
msgstr ""
3056
1911
3057
1912
#: serverguide/C/web-servers.xml:1148(command)
3063
1918
msgstr ""
3064
1919
3065
1920
#: serverguide/C/web-servers.xml:1155(para)
3066
msgid ""
3067
"Tomcat is heavily used in development and testing scenarios where using a "
3068
"single system-wide instance doesn't meet the requirements of multiple users "
3069
"on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to "
3070
"help deploy your own user-oriented instances, allowing every user on a "
3071
"system to run (without root rights) separate private instances while still "
3072
"using the system-installed libraries."
1921
msgid "Tomcat is heavily used in development and testing scenarios where using a single system-wide instance doesn't meet the requirements of multiple users on a single system. The Tomcat 6.0 packages in Ubuntu come with tools to help deploy your own user-oriented instances, allowing every user on a system to run (without root rights) separate private instances while still using the system-installed libraries."
3073
1922
msgstr ""
3074
1923
3075
1924
#: serverguide/C/web-servers.xml:1162(para)
3076
msgid ""
3077
"It is possible to run the system-wide instance and the private instances in "
3078
"parallel, as long as they do not use the same TCP ports."
1925
msgid "It is possible to run the system-wide instance and the private instances in parallel, as long as they do not use the same TCP ports."
3079
1926
msgstr ""
3080
1927
3081
1928
#: serverguide/C/web-servers.xml:1166(title)
3083
1930
msgstr ""
3084
1931
3085
1932
#: serverguide/C/web-servers.xml:1167(para)
3086
msgid ""
3087
"You can install everything necessary to run private instances by entering "
3088
"the following command in the terminal prompt:"
1933
msgid "You can install everything necessary to run private instances by entering the following command in the terminal prompt:"
3089
1934
msgstr ""
3090
1935
3091
1936
#: serverguide/C/web-servers.xml:1170(command)
3097
1942
msgstr ""
3098
1943
3099
1944
#: serverguide/C/web-servers.xml:1175(para)
3100
msgid ""
3101
"You can create a private instance directory by entering the following "
3102
"command in the terminal prompt:"
1945
msgid "You can create a private instance directory by entering the following command in the terminal prompt:"
3103
1946
msgstr ""
3104
1947
3105
1948
#: serverguide/C/web-servers.xml:1178(command)
3107
1950
msgstr ""
3108
1951
3109
1952
#: serverguide/C/web-servers.xml:1180(para)
3110
msgid ""
3111
"This will create a new <filename>my-instance</filename> directory with all "
3112
"the necessary subdirectories and scripts. You can for example install your "
3113
"common libraries in the <filename>lib/</filename> subdirectory and deploy "
3114
"your webapps in the <filename>webapps/</filename> subdirectory. No webapps "
3115
"are deployed by default."
1953
msgid "This will create a new <filename>my-instance</filename> directory with all the necessary subdirectories and scripts. You can for example install your common libraries in the <filename>lib/</filename> subdirectory and deploy your webapps in the <filename>webapps/</filename> subdirectory. No webapps are deployed by default."
3116
1954
msgstr ""
3117
1955
3118
1956
#: serverguide/C/web-servers.xml:1188(title)
3120
1958
msgstr ""
3121
1959
3122
1960
#: serverguide/C/web-servers.xml:1189(para)
3123
msgid ""
3124
"You will find the classic Tomcat configuration files for your private "
3125
"instance in the <filename>conf/</filename> subdirectory. You should for "
3126
"example certainly edit the <filename>conf/server.xml</filename> file to "
3127
"change the default ports used by your private Tomcat instance to avoid "
3128
"conflict with other instances that might be running."
1961
msgid "You will find the classic Tomcat configuration files for your private instance in the <filename>conf/</filename> subdirectory. You should for example certainly edit the <filename>conf/server.xml</filename> file to change the default ports used by your private Tomcat instance to avoid conflict with other instances that might be running."
3129
1962
msgstr ""
3130
1963
3131
1964
#: serverguide/C/web-servers.xml:1197(title)
3133
1966
msgstr ""
3134
1967
3135
1968
#: serverguide/C/web-servers.xml:1198(para)
3136
msgid ""
3137
"You can start your private instance by entering the following command in the "
3138
"terminal prompt (supposing your instance is located in the <filename>my-"
3139
"instance</filename> directory):"
1969
msgid "You can start your private instance by entering the following command in the terminal prompt (supposing your instance is located in the <filename>my-instance</filename> directory):"
3140
1970
msgstr ""
3141
1971
3142
1972
#: serverguide/C/web-servers.xml:1202(command)
3144
1974
msgstr ""
3145
1975
3146
1976
#: serverguide/C/web-servers.xml:1204(para)
3147
msgid ""
3148
"You should check the <filename>logs/</filename> subdirectory for any error. "
3149
"If you have a <emphasis>java.net.BindException: Address already in "
3150
"use<null>:8080</emphasis> error, it means that the port you're using "
3151
"is already taken and that you should change it."
1977
msgid "You should check the <filename>logs/</filename> subdirectory for any error. If you have a <emphasis>java.net.BindException: Address already in use<null>:8080</emphasis> error, it means that the port you're using is already taken and that you should change it."
3152
1978
msgstr ""
3153
1979
3154
1980
#: serverguide/C/web-servers.xml:1209(para)
3155
msgid ""
3156
"You can stop your instance by entering the following command in the terminal "
3157
"prompt (supposing your instance is located in the <filename>my-"
3158
"instance</filename> directory):"
1981
msgid "You can stop your instance by entering the following command in the terminal prompt (supposing your instance is located in the <filename>my-instance</filename> directory):"
3159
1982
msgstr ""
3160
1983
3161
1984
#: serverguide/C/web-servers.xml:1213(command)
3163
1986
msgstr ""
3164
1987
3165
1988
#: serverguide/C/web-servers.xml:1222(para)
3166
msgid ""
3167
"See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> "
3168
"website for more information."
1989
msgid "See the <ulink url=\"http://tomcat.apache.org/\">Apache Tomcat</ulink> website for more information."
3169
1990
msgstr ""
3170
1991
3171
1992
#: serverguide/C/web-servers.xml:1227(para)
3172
msgid ""
3173
"<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The "
3174
"Definitive Guide</ulink> is a good resource for building web applications "
3175
"with Tomcat."
1993
msgid "<ulink url=\"http://oreilly.com/catalog/9780596003180/\">Tomcat: The Definitive Guide</ulink> is a good resource for building web applications with Tomcat."
3176
1994
msgstr ""
3177
1995
3178
1996
#: serverguide/C/web-servers.xml:1233(para)
3179
msgid ""
3180
"For additional books see the <ulink "
3181
"url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list "
3182
"page."
1997
msgid "For additional books see the <ulink url=\"http://wiki.apache.org/tomcat/Tomcat/Books\">Tomcat Books</ulink> list page."
3183
1998
msgstr ""
3184
1999
3185
2000
#: serverguide/C/vpn.xml:13(title)
3187
2002
msgstr ""
3188
2003
3189
2004
#: serverguide/C/vpn.xml:15(para)
3190
msgid ""
3191
"A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted "
3192
"network connection between two or more networks. There are several ways to "
3193
"create a VPN using software as well as dedicated hardware appliances. This "
3194
"chapter will cover installing and configuring "
3195
"<application>OpenVPN</application> to create a VPN between two servers."
2005
msgid "A Virtual Private Network, or <emphasis>VPN</emphasis>, is an encrypted network connection between two or more networks. There are several ways to create a VPN using software as well as dedicated hardware appliances. This chapter will cover installing and configuring <application>OpenVPN</application> to create a VPN between two servers."
3196
2006
msgstr ""
3197
2007
3198
2008
#: serverguide/C/vpn.xml:23(title)
3200
2010
msgstr ""
3201
2011
3202
2012
#: serverguide/C/vpn.xml:25(para)
3203
msgid ""
3204
"OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between "
3205
"nodes. A simple way of setting up a VPN with OpenVPN is to connect the "
3206
"clients through a bridge interface on the VPN server. This guide will assume "
3207
"that one VPN node, the server in this case, has a bridge interface "
3208
"configured. For more information on setting up a bridge see <xref "
3209
"linkend=\"bridging\"/>."
2013
msgid "OpenVPN uses Public Key Infrastructure (PKI) to encrypt VPN traffic between nodes. A simple way of setting up a VPN with OpenVPN is to connect the clients through a bridge interface on the VPN server. This guide will assume that one VPN node, the server in this case, has a bridge interface configured. For more information on setting up a bridge see <xref linkend=\"bridging\"/>."
3210
2014
msgstr ""
3211
2015
3212
2016
#: serverguide/C/vpn.xml:35(para)
3222
2026
msgstr ""
3223
2027
3224
2028
#: serverguide/C/vpn.xml:47(para)
3225
msgid ""
3226
"Now that the <application>openvpn</application> package is installed, the "
3227
"certificates for the VPN server need to be created."
2029
msgid "Now that the <application>openvpn</application> package is installed, the certificates for the VPN server need to be created."
3228
2030
msgstr ""
3229
2031
3230
2032
#: serverguide/C/vpn.xml:52(para)
3231
msgid ""
3232
"First, copy the <filename>easy-rsa</filename> directory to "
3233
"<filename>/etc/openvpn</filename>. This will ensure that any changes to the "
3234
"scripts will not be lost when the package is updated. From a terminal enter:"
2033
msgid "First, copy the <filename>easy-rsa</filename> directory to <filename>/etc/openvpn</filename>. This will ensure that any changes to the scripts will not be lost when the package is updated. From a terminal enter:"
3235
2034
msgstr ""
3236
2035
3237
2036
#: serverguide/C/vpn.xml:58(command)
3239
2038
msgstr ""
3240
2039
3241
2040
#: serverguide/C/vpn.xml:59(command)
3242
msgid ""
3243
"sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/"
2041
msgid "sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/"
3244
2042
msgstr ""
3245
2043
3246
2044
#: serverguide/C/vpn.xml:62(para)
3247
msgid ""
3248
"Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the "
3249
"following to your environment:"
2045
msgid "Next, edit <filename>/etc/openvpn/easy-rsa/vars</filename> adjusting the following to your environment:"
3250
2046
msgstr ""
3251
2047
3252
2048
#: serverguide/C/vpn.xml:66(programlisting)
3253
2049
#, no-wrap
3254
msgid ""
3255
"\n"
3256
"export KEY_COUNTRY=\"US\"\n"
3257
"export KEY_PROVINCE=\"NC\"\n"
3258
"export KEY_CITY=\"Winston-Salem\"\n"
3259
"export KEY_ORG=\"Example Company\"\n"
3260
"export KEY_EMAIL=\"steve@example.com\"\n"
2050
msgid "\nexport KEY_COUNTRY=\"US\"\nexport KEY_PROVINCE=\"NC\"\nexport KEY_CITY=\"Winston-Salem\"\nexport KEY_ORG=\"Example Company\"\nexport KEY_EMAIL=\"steve@example.com\"\n"
3261
2051
msgstr ""
3262
2052
3263
2053
#: serverguide/C/vpn.xml:74(para)
3305
2095
msgstr ""
3306
2096
3307
2097
#: serverguide/C/vpn.xml:94(para)
3308
msgid ""
3309
"The VPN client will also need a certificate to authenticate itself to the "
3310
"server. To create the certificate, enter the following in a terminal:"
2098
msgid "The VPN client will also need a certificate to authenticate itself to the server. To create the certificate, enter the following in a terminal:"
3311
2099
msgstr ""
3312
2100
3313
2101
#: serverguide/C/vpn.xml:100(command)
3319
2107
msgstr ""
3320
2108
3321
2109
#: serverguide/C/vpn.xml:106(para)
3322
msgid ""
3323
"Replace <emphasis>hostname</emphasis> with the actual hostname of the "
3324
"machine connecting to the VPN."
2110
msgid "Replace <emphasis>hostname</emphasis> with the actual hostname of the machine connecting to the VPN."
3325
2111
msgstr ""
3326
2112
3327
2113
#: serverguide/C/vpn.xml:111(para)
3349
2135
msgstr ""
3350
2136
3351
2137
#: serverguide/C/vpn.xml:124(para)
3352
msgid ""
3353
"Remember to adjust the above file names for your client machine's "
3354
"<emphasis>hostname</emphasis>."
2138
msgid "Remember to adjust the above file names for your client machine's <emphasis>hostname</emphasis>."
3355
2139
msgstr ""
3356
2140
3357
2141
#: serverguide/C/vpn.xml:129(para)
3358
msgid ""
3359
"It is best to use a secure method to copy the certificate and key files. The "
3360
"<application>scp</application> utility is a good choice, but copying the "
3361
"files to removable media then to the client, also works well."
2142
msgid "It is best to use a secure method to copy the certificate and key files. The <application>scp</application> utility is a good choice, but copying the files to removable media then to the client, also works well."
3362
2143
msgstr ""
3363
2144
3364
2145
#: serverguide/C/vpn.xml:140(title) serverguide/C/vcs.xml:107(title)
3366
2147
msgstr ""
3367
2148
3368
2149
#: serverguide/C/vpn.xml:142(para)
3369
msgid ""
3370
"Now configure the <application>openvpn</application> server by creating "
3371
"<filename>/etc/openvpn/server.conf</filename> from the example file. In a "
3372
"terminal enter:"
2150
msgid "Now configure the <application>openvpn</application> server by creating <filename>/etc/openvpn/server.conf</filename> from the example file. In a terminal enter:"
3373
2151
msgstr ""
3374
2152
3375
2153
#: serverguide/C/vpn.xml:148(command)
3376
msgid ""
3377
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz "
3378
"/etc/openvpn/"
2154
msgid "sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/"
3379
2155
msgstr ""
3380
2156
3381
2157
#: serverguide/C/vpn.xml:149(command)
3383
2159
msgstr ""
3384
2160
3385
2161
#: serverguide/C/vpn.xml:152(para)
3386
msgid ""
3387
"Edit <filename>etc/openvpn/server.conf</filename> changing the following "
3388
"options to:"
2162
msgid "Edit <filename>etc/openvpn/server.conf</filename> changing the following options to:"
3389
2163
msgstr ""
3390
2164
3391
2165
#: serverguide/C/vpn.xml:156(programlisting)
3392
2166
#, no-wrap
3393
msgid ""
3394
"\n"
3395
"local 172.18.100.101\n"
3396
"dev tap0\n"
3397
"server-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\n"
3398
"push \"route 172.18.100.1 255.255.255.0\"\n"
3399
"push \"dhcp-option DNS 172.18.100.20\"\n"
3400
"push \"dhcp-option DOMAIN example.com\"\n"
3401
"tls-auth ta.key 0 # This file is secret\n"
3402
"user nobody\n"
3403
"group nogroup\n"
2167
msgid "\nlocal 172.18.100.101\ndev tap0\nserver-bridge 172.18.100.101 255.255.255.0 172.18.100.105 172.18.100.200\npush \"route 172.18.100.1 255.255.255.0\"\npush \"dhcp-option DNS 172.18.100.20\"\npush \"dhcp-option DOMAIN example.com\"\ntls-auth ta.key 0 # This file is secret\nuser nobody\ngroup nogroup\n"
3404
2168
msgstr ""
3405
2169
3406
2170
#: serverguide/C/vpn.xml:170(para)
3407
msgid ""
3408
"<emphasis>local</emphasis>: is the IP address of the bridge interface."
2171
msgid "<emphasis>local</emphasis>: is the IP address of the bridge interface."
3409
2172
msgstr ""
3410
2173
3411
2174
#: serverguide/C/vpn.xml:175(para)
3412
msgid ""
3413
"<emphasis>server-bridge</emphasis>: needed when the configuration uses "
3414
"bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is "
3415
"the bridge interface and mask. The IP range <emphasis>172.18.100.105 "
3416
"172.18.100.200</emphasis> is the range of IP addresses that will be assigned "
3417
"to clients."
2175
msgid "<emphasis>server-bridge</emphasis>: needed when the configuration uses bridging. The <emphasis>172.18.100.101 255.255.255.0</emphasis> portion is the bridge interface and mask. The IP range <emphasis>172.18.100.105 172.18.100.200</emphasis> is the range of IP addresses that will be assigned to clients."
3418
2176
msgstr ""
3419
2177
3420
2178
#: serverguide/C/vpn.xml:182(para)
3421
msgid ""
3422
"<emphasis>push</emphasis>: are directives to add networking options for "
3423
"clients."
2179
msgid "<emphasis>push</emphasis>: are directives to add networking options for clients."
3424
2180
msgstr ""
3425
2181
3426
2182
#: serverguide/C/vpn.xml:187(para)
3427
msgid ""
3428
"<emphasis>user and group</emphasis>: configure which user and group the "
3429
"<application>openvpn</application> daemon executes as."
2183
msgid "<emphasis>user and group</emphasis>: configure which user and group the <application>openvpn</application> daemon executes as."
3430
2184
msgstr ""
3431
2185
3432
2186
#: serverguide/C/vpn.xml:194(para)
3433
msgid ""
3434
"Replace all IP addresses and domain names above with those of your network."
2187
msgid "Replace all IP addresses and domain names above with those of your network."
3435
2188
msgstr ""
3436
2189
3437
2190
#: serverguide/C/vpn.xml:199(para)
3438
msgid ""
3439
"Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> "
3440
"interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
2191
msgid "Next, create a couple of helper scripts to add the <emphasis>tap</emphasis> interface to the bridge. Create <filename>/etc/openvpn/up.sh</filename>:"
3441
2192
msgstr ""
3442
2193
3443
2194
#: serverguide/C/vpn.xml:203(programlisting)
3444
2195
#, no-wrap
3445
msgid ""
3446
"\n"
3447
"#!/bin/sh\n"
3448
"\n"
3449
"BR=$1\n"
3450
"DEV=$2\n"
3451
"MTU=$3\n"
3452
"/sbin/ifconfig $DEV mtu $MTU promisc up\n"
3453
"/usr/sbin/brctl addif $BR $DEV\n"
2196
msgid "\n#!/bin/sh\n\nBR=$1\nDEV=$2\nMTU=$3\n/sbin/ifconfig $DEV mtu $MTU promisc up\n/usr/sbin/brctl addif $BR $DEV\n"
3454
2197
msgstr ""
3455
2198
3456
2199
#: serverguide/C/vpn.xml:213(para)
3459
2202
3460
2203
#: serverguide/C/vpn.xml:217(programlisting)
3461
2204
#, no-wrap
3462
msgid ""
3463
"\n"
3464
"#!/bin/sh\n"
3465
"\n"
3466
"BR=$1\n"
3467
"DEV=$2\n"
3468
"\n"
3469
"/usr/sbin/brctl delif $BR $DEV\n"
3470
"/sbin/ifconfig $DEV down\n"
2205
msgid "\n#!/bin/sh\n\nBR=$1\nDEV=$2\n\n/usr/sbin/brctl delif $BR $DEV\n/sbin/ifconfig $DEV down\n"
3471
2206
msgstr ""
3472
2207
3473
2208
#: serverguide/C/vpn.xml:227(para)
3483
2218
msgstr ""
3484
2219
3485
2220
#: serverguide/C/vpn.xml:236(para)
3486
msgid ""
3487
"After configuring the server, restart <application>openvpn</application> by "
3488
"entering:"
2221
msgid "After configuring the server, restart <application>openvpn</application> by entering:"
3489
2222
msgstr ""
3490
2223
3491
2224
#: serverguide/C/vpn.xml:241(command) serverguide/C/vpn.xml:281(command)
3497
2230
msgstr ""
3498
2231
3499
2232
#: serverguide/C/vpn.xml:248(para)
3500
msgid ""
3501
"With the server configured and the client certificates copied over, create a "
3502
"client configuration file by copying the example. In a terminal on the "
3503
"client machine enter:"
2233
msgid "With the server configured and the client certificates copied over, create a client configuration file by copying the example. In a terminal on the client machine enter:"
3504
2234
msgstr ""
3505
2235
3506
2236
#: serverguide/C/vpn.xml:254(command)
3507
msgid ""
3508
"sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf "
3509
"/etc/openvpn"
2237
msgid "sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn"
3510
2238
msgstr ""
3511
2239
3512
2240
#: serverguide/C/vpn.xml:257(para)
3513
msgid ""
3514
"Now edit <filename>/etc/openvpn/client.conf</filename> changing the "
3515
"following options:"
2241
msgid "Now edit <filename>/etc/openvpn/client.conf</filename> changing the following options:"
3516
2242
msgstr ""
3517
2243
3518
2244
#: serverguide/C/vpn.xml:261(programlisting)
3519
2245
#, no-wrap
3520
msgid ""
3521
"\n"
3522
"dev tap\n"
3523
"remote vpn.example.com 1194\n"
3524
"cert hostname.crt\n"
3525
"key hostname.key\n"
3526
"tls-auth ta.key 1\n"
2246
msgid "\ndev tap\nremote vpn.example.com 1194\ncert hostname.crt\nkey hostname.key\ntls-auth ta.key 1\n"
3527
2247
msgstr ""
3528
2248
3529
2249
#: serverguide/C/vpn.xml:270(para)
3530
msgid ""
3531
"Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN "
3532
"server, and <emphasis>hostname.*</emphasis> with the actual certificate and "
3533
"key filenames."
2250
msgid "Replace <emphasis>vpn.example.com</emphasis> with the hostname of your VPN server, and <emphasis>hostname.*</emphasis> with the actual certificate and key filenames."
3534
2251
msgstr ""
3535
2252
3536
2253
#: serverguide/C/vpn.xml:276(para)
3542
2259
msgstr ""
3543
2260
3544
2261
#: serverguide/C/vpn.xml:295(para)
3545
msgid ""
3546
"See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for "
3547
"additional information."
2262
msgid "See the <ulink url=\"http://openvpn.net/\">OpenVPN</ulink> website for additional information."
3548
2263
msgstr ""
3549
2264
3550
2265
#: serverguide/C/vpn.xml:300(para)
3551
msgid ""
3552
"Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: "
3553
"Building and Integrating Virtual Private Networks</ulink> is a good resource."
2266
msgid "Also, Pakt's <ulink url=\"http://www.packtpub.com/openvpn/book\">OpenVPN: Building and Integrating Virtual Private Networks</ulink> is a good resource."
3554
2267
msgstr ""
3555
2268
3556
2269
#: serverguide/C/virtualization.xml:13(title)
3558
2271
msgstr ""
3559
2272
3560
2273
#: serverguide/C/virtualization.xml:14(para)
3561
msgid ""
3562
"Virtualization is being adopted in many different environments and "
3563
"situations. If you are a developer, virtualization can provide you with a "
3564
"contained environment where you can safely do almost any sort of development "
3565
"safe from messing up your main working environment. If you are a systems "
3566
"administrator, you can use virtualization to more easily separate your "
3567
"services and move them around based on demand."
2274
msgid "Virtualization is being adopted in many different environments and situations. If you are a developer, virtualization can provide you with a contained environment where you can safely do almost any sort of development safe from messing up your main working environment. If you are a systems administrator, you can use virtualization to more easily separate your services and move them around based on demand."
3568
2275
msgstr ""
3569
2276
3570
2277
#: serverguide/C/virtualization.xml:20(para)
3571
msgid ""
3572
"The default virtualization technology supported in Ubuntu is "
3573
"<application>KVM</application>, a technology that takes advantage of "
3574
"virtualization extensions built into Intel and AMD hardware. For hardware "
3575
"without virtualization extensions <application>Xen</application> and "
3576
"<application>Qemu</application> are popular solutions."
2278
msgid "The default virtualization technology supported in Ubuntu is <application>KVM</application>, a technology that takes advantage of virtualization extensions built into Intel and AMD hardware. For hardware without virtualization extensions <application>Xen</application> and <application>Qemu</application> are popular solutions."
3577
2279
msgstr ""
3578
2280
3579
2281
#: serverguide/C/virtualization.xml:27(title)
3581
2283
msgstr ""
3582
2284
3583
2285
#: serverguide/C/virtualization.xml:28(para)
3584
msgid ""
3585
"The <application>libvirt</application> library is used to interface with "
3586
"different virtualization technologies. Before getting started with "
3587
"<application>libvirt</application> it is best to make sure your hardware "
3588
"supports the necessary virtualization extensions for "
3589
"<application>KVM</application>. Enter the following from a terminal prompt:"
2286
msgid "The <application>libvirt</application> library is used to interface with different virtualization technologies. Before getting started with <application>libvirt</application> it is best to make sure your hardware supports the necessary virtualization extensions for <application>KVM</application>. Enter the following from a terminal prompt:"
3590
2287
msgstr ""
3591
2288
3592
2289
#: serverguide/C/virtualization.xml:34(command)
3594
2291
msgstr ""
3595
2292
3596
2293
#: serverguide/C/virtualization.xml:36(para)
3597
msgid ""
3598
"If nothing is printed, it means that your cpu does <emphasis>not</emphasis> "
3599
"support hardware virtualization."
2294
msgid "If nothing is printed, it means that your cpu does <emphasis>not</emphasis> support hardware virtualization."
3600
2295
msgstr ""
3601
2296
3602
2297
#: serverguide/C/virtualization.xml:40(para)
3603
msgid ""
3604
"On most computer whose processor supports virtualization, it is necessary to "
3605
"activate an option in the bios to enable it. The method described above does "
3606
"not show the status of it's activation."
2298
msgid "On most computer whose processor supports virtualization, it is necessary to activate an option in the bios to enable it. The method described above does not show the status of it's activation."
3607
2299
msgstr ""
3608
2300
3609
2301
#: serverguide/C/virtualization.xml:47(title)
3611
2303
msgstr ""
3612
2304
3613
2305
#: serverguide/C/virtualization.xml:49(para)
3614
msgid ""
3615
"There are a few different ways to allow a virtual machine access to the "
3616
"external network. The default virtual network configuration is "
3617
"<emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and "
3618
"traffic is NATed through the host interface to the outside network."
2306
msgid "There are a few different ways to allow a virtual machine access to the external network. The default virtual network configuration is <emphasis>usermode</emphasis> networking, which uses the SLIRP protocol and traffic is NATed through the host interface to the outside network."
3619
2307
msgstr ""
3620
2308
3621
2309
#: serverguide/C/virtualization.xml:54(para)
3622
msgid ""
3623
"To enable external hosts to directly access services on virtual machines a "
3624
"<emphasis>bridge</emphasis> needs to be configured. This allows the virtual "
3625
"interfaces to connect to the outside network through the physical interface, "
3626
"making them appear as normal hosts to the rest of the network. For "
3627
"information on setting up a bridge see <xref linkend=\"bridging\"/>."
2310
msgid "To enable external hosts to directly access services on virtual machines a <emphasis>bridge</emphasis> needs to be configured. This allows the virtual interfaces to connect to the outside network through the physical interface, making them appear as normal hosts to the rest of the network. For information on setting up a bridge see <xref linkend=\"bridging\"/>."
3628
2311
msgstr ""
3629
2312
3630
2313
#: serverguide/C/virtualization.xml:63(para)
3636
2319
msgstr ""
3637
2320
3638
2321
#: serverguide/C/virtualization.xml:69(para)
3639
msgid ""
3640
"After installing <application>libvirt-bin</application>, the user used to "
3641
"manage virtual machines will need to be added to the "
3642
"<emphasis>libvirtd</emphasis> group. Doing so will grant the user access to "
3643
"the advanced networking options."
2322
msgid "After installing <application>libvirt-bin</application>, the user used to manage virtual machines will need to be added to the <emphasis>libvirtd</emphasis> group. Doing so will grant the user access to the advanced networking options."
3644
2323
msgstr ""
3645
2324
3646
2325
#: serverguide/C/virtualization.xml:73(para)
3652
2331
msgstr ""
3653
2332
3654
2333
#: serverguide/C/virtualization.xml:80(para)
3655
msgid ""
3656
"If the user chosen is the current user, you will need to log out and back in "
3657
"for the new group membership to take effect."
2334
msgid "If the user chosen is the current user, you will need to log out and back in for the new group membership to take effect."
3658
2335
msgstr ""
3659
2336
3660
2337
#: serverguide/C/virtualization.xml:84(para)
3661
msgid ""
3662
"You are now ready to install a <emphasis>Guest</emphasis> operating system. "
3663
"Installing a virtual machine follows the same process as installing the "
3664
"operating system directly on the hardware. You either need a way to automate "
3665
"the installation, or a keyboard and monitor will need to be attached to the "
3666
"physical machine."
2338
msgid "You are now ready to install a <emphasis>Guest</emphasis> operating system. Installing a virtual machine follows the same process as installing the operating system directly on the hardware. You either need a way to automate the installation, or a keyboard and monitor will need to be attached to the physical machine."
3667
2339
msgstr ""
3668
2340
3669
2341
#: serverguide/C/virtualization.xml:89(para)
3670
msgid ""
3671
"In the case of virtual machines a Graphical User Interface (GUI) is "
3672
"analogous to using a physical keyboard and mouse. Instead of installing a "
3673
"GUI the <application>virt-viewer</application> application can be used to "
3674
"connect to a virtual machine's console using <application>VNC</application>. "
3675
"See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
2342
msgid "In the case of virtual machines a Graphical User Interface (GUI) is analogous to using a physical keyboard and mouse. Instead of installing a GUI the <application>virt-viewer</application> application can be used to connect to a virtual machine's console using <application>VNC</application>. See <xref linkend=\"libvirt-virt-viewer\"/> for more information."
3676
2343
msgstr ""
3677
2344
3678
2345
#: serverguide/C/virtualization.xml:94(para)
3679
msgid ""
3680
"There are several ways to automate the Ubuntu installation process, for "
3681
"example using preseeds, kickstart, etc. Refer to the <ulink "
3682
"url=\"https://help.ubuntu.com/9.10/installation-guide/\">Ubuntu Installation "
3683
"Guide</ulink> for details."
2346
msgid "There are several ways to automate the Ubuntu installation process, for example using preseeds, kickstart, etc. Refer to the <ulink url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu Installation Guide</ulink> for details."
3684
2347
msgstr ""
3685
2348
3686
2349
#: serverguide/C/virtualization.xml:98(para)
3687
msgid ""
3688
"Yet another way to install an Ubuntu virtual machine is to use "
3689
"<application>ubuntu-vm-builder</application>. <application>ubuntu-vm-"
3690
"builder</application> allows you to setup advanced partitions, execute "
3691
"custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-"
3692
"vmbuilder\"/>"
2350
msgid "Yet another way to install an Ubuntu virtual machine is to use <application>ubuntu-vm-builder</application>. <application>ubuntu-vm-builder</application> allows you to setup advanced partitions, execute custom post-install scripts, etc. For details see <xref linkend=\"jeos-and-vmbuilder\"/>"
3693
2351
msgstr ""
3694
2352
3695
2353
#: serverguide/C/virtualization.xml:104(title)
3697
2355
msgstr ""
3698
2356
3699
2357
#: serverguide/C/virtualization.xml:105(para)
3700
msgid ""
3701
"<application>virt-install</application> is part of the <application>python-"
3702
"virtinst</application> package. To install it, from a terminal prompt enter:"
2358
msgid "<application>virt-install</application> is part of the <application>python-virtinst</application> package. To install it, from a terminal prompt enter:"
3703
2359
msgstr ""
3704
2360
3705
2361
#: serverguide/C/virtualization.xml:109(command)
3707
2363
msgstr ""
3708
2364
3709
2365
#: serverguide/C/virtualization.xml:111(para)
3710
msgid ""
3711
"There are several options available when using <application>virt-"
3712
"install</application>. For example:"
2366
msgid "There are several options available when using <application>virt-install</application>. For example:"
3713
2367
msgstr ""
3714
2368
3715
2369
#: serverguide/C/virtualization.xml:115(command)
3716
msgid ""
3717
"sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --"
3718
"accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
2370
msgid "sudo virt-install -n web_devel -r 256 -f web_devel.img \\ -s 4 -c jeos.iso --accelerate \\ --connect=qemu:///system --vnc \\ --noautoconsole -v"
3719
2371
msgstr ""
3720
2372
3721
2373
#: serverguide/C/virtualization.xml:122(para)
3722
msgid ""
3723
"<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will "
3724
"be <emphasis>web_devel</emphasis> in this example."
2374
msgid "<emphasis>-n web_devel:</emphasis> the name of the new virtual machine will be <emphasis>web_devel</emphasis> in this example."
3725
2375
msgstr ""
3726
2376
3727
2377
#: serverguide/C/virtualization.xml:127(para)
3728
msgid ""
3729
"<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual "
3730
"machine will use."
2378
msgid "<emphasis>-r 256:</emphasis> specifies the amount of memory the virtual machine will use."
3731
2379
msgstr ""
3732
2380
3733
2381
#: serverguide/C/virtualization.xml:132(para)
3734
msgid ""
3735
"<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual "
3736
"disk which can be a file, partition, or logical volume. In this example a "
3737
"file named <filename>web_devel.img</filename>."
2382
msgid "<emphasis>-f web_devel.img:</emphasis> indicates the path to the virtual disk which can be a file, partition, or logical volume. In this example a file named <filename>web_devel.img</filename>."
3738
2383
msgstr ""
3739
2384
3740
2385
#: serverguide/C/virtualization.xml:138(para)
3742
2387
msgstr ""
3743
2388
3744
2389
#: serverguide/C/virtualization.xml:143(para)
3745
msgid ""
3746
"<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The "
3747
"file can be either an ISO file or the path to the host's CDROM device."
2390
msgid "<emphasis>-c jeos.iso:</emphasis> file to be used as a virtual CDROM. The file can be either an ISO file or the path to the host's CDROM device."
3748
2391
msgstr ""
3749
2392
3750
2393
#: serverguide/C/virtualization.xml:149(para)
3751
msgid ""
3752
"<emphasis>--accelerate:</emphasis> enables the kernel's acceleration "
3753
"technologies."
2394
msgid "<emphasis>--accelerate:</emphasis> enables the kernel's acceleration technologies."
3754
2395
msgstr ""
3755
2396
3756
2397
#: serverguide/C/virtualization.xml:154(para)
3757
msgid ""
3758
"<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
2398
msgid "<emphasis>--vnc:</emphasis> exports the guest's virtual console using VNC."
3759
2399
msgstr ""
3760
2400
3761
2401
#: serverguide/C/virtualization.xml:159(para)
3762
msgid ""
3763
"<emphasis>--noautoconsole:</emphasis> will not automatically connect to the "
3764
"virtual machine's console."
2402
msgid "<emphasis>--noautoconsole:</emphasis> will not automatically connect to the virtual machine's console."
3765
2403
msgstr ""
3766
2404
3767
2405
#: serverguide/C/virtualization.xml:164(para)
3769
2407
msgstr ""
3770
2408
3771
2409
#: serverguide/C/virtualization.xml:169(para)
3772
msgid ""
3773
"After launching <application>virt-install</application> you can connect to "
3774
"the virtual machine's console either locally using a GUI or with the "
3775
"<application>virt-viewer</application> utility."
2410
msgid "After launching <application>virt-install</application> you can connect to the virtual machine's console either locally using a GUI or with the <application>virt-viewer</application> utility."
3776
2411
msgstr ""
3777
2412
3778
2413
#: serverguide/C/virtualization.xml:175(title)
3780
2415
msgstr ""
3781
2416
3782
2417
#: serverguide/C/virtualization.xml:176(para)
3783
msgid ""
3784
"The <application>virt-clone</application> application can be used to copy "
3785
"one virtual machine to another. For example:"
2418
msgid "The <application>virt-clone</application> application can be used to copy one virtual machine to another. For example:"
3786
2419
msgstr ""
3787
2420
3788
2421
#: serverguide/C/virtualization.xml:180(command)
3789
msgid ""
3790
"sudo virt-clone -o web_devel -n database_devel -f "
3791
"/path/to/database_devel.img --connect=qemu:///system"
2422
msgid "sudo virt-clone -o web_devel -n database_devel -f /path/to/database_devel.img --connect=qemu:///system"
3792
2423
msgstr ""
3793
2424
3794
2425
#: serverguide/C/virtualization.xml:184(para)
3800
2431
msgstr ""
3801
2432
3802
2433
#: serverguide/C/virtualization.xml:194(para)
3803
msgid ""
3804
"<emphasis>-f:</emphasis> path to the file, logical volume, or partition to "
3805
"be used by the new virtual machine."
2434
msgid "<emphasis>-f:</emphasis> path to the file, logical volume, or partition to be used by the new virtual machine."
3806
2435
msgstr ""
3807
2436
3808
2437
#: serverguide/C/virtualization.xml:199(para)
3809
msgid ""
3810
"<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
2438
msgid "<emphasis>--connect:</emphasis> specifies which hypervisor to connect to."
3811
2439
msgstr ""
3812
2440
3813
2441
#: serverguide/C/virtualization.xml:204(para)
3814
msgid ""
3815
"Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to "
3816
"help troubleshoot problems with <application>virt-clone</application>."
2442
msgid "Also, use <emphasis>-d</emphasis> or <emphasis>--debug</emphasis> option to help troubleshoot problems with <application>virt-clone</application>."
3817
2443
msgstr ""
3818
2444
3819
2445
#: serverguide/C/virtualization.xml:209(para)
3820
msgid ""
3821
"Replace <emphasis>web_devel</emphasis> and "
3822
"<emphasis>database_devel</emphasis> with appropriate virtual machine names."
2446
msgid "Replace <emphasis>web_devel</emphasis> and <emphasis>database_devel</emphasis> with appropriate virtual machine names."
3823
2447
msgstr ""
3824
2448
3825
2449
#: serverguide/C/virtualization.xml:215(title)
3831
2455
msgstr ""
3832
2456
3833
2457
#: serverguide/C/virtualization.xml:218(para)
3834
msgid ""
3835
"There are several utilities available to manage virtual machines and "
3836
"<application>libvirt</application>. The <application>virsh</application> "
3837
"utility can be used from the command line. Some examples:"
2458
msgid "There are several utilities available to manage virtual machines and <application>libvirt</application>. The <application>virsh</application> utility can be used from the command line. Some examples:"
3838
2459
msgstr ""
3839
2460
3840
2461
#: serverguide/C/virtualization.xml:224(para)
3870
2491
msgstr ""
3871
2492
3872
2493
#: serverguide/C/virtualization.xml:256(para)
3873
msgid ""
3874
"The <emphasis>state</emphasis> of virtual machines can be saved to a file in "
3875
"order to be restored later. The following will save the virtual machine "
3876
"state into a file named according to the date:"
2494
msgid "The <emphasis>state</emphasis> of virtual machines can be saved to a file in order to be restored later. The following will save the virtual machine state into a file named according to the date:"
3877
2495
msgstr ""
3878
2496
3879
2497
#: serverguide/C/virtualization.xml:261(command)
3909
2527
msgstr ""
3910
2528
3911
2529
#: serverguide/C/virtualization.xml:293(para)
3912
msgid ""
3913
"In the above examples replace <emphasis>web_devel</emphasis> with the "
3914
"appropriate virtual machine name, and <filename>web_devel-"
3915
"022708.state</filename> with a descriptive file name."
2530
msgid "In the above examples replace <emphasis>web_devel</emphasis> with the appropriate virtual machine name, and <filename>web_devel-022708.state</filename> with a descriptive file name."
3916
2531
msgstr ""
3917
2532
3918
2533
#: serverguide/C/virtualization.xml:300(title)
3920
2535
msgstr ""
3921
2536
3922
2537
#: serverguide/C/virtualization.xml:301(para)
3923
msgid ""
3924
"The <application>virt-manager</application> package contains a graphical "
3925
"utility to manage local and remote virtual machines. To install virt-manager "
3926
"enter:"
2538
msgid "The <application>virt-manager</application> package contains a graphical utility to manage local and remote virtual machines. To install virt-manager enter:"
3927
2539
msgstr ""
3928
2540
3929
2541
#: serverguide/C/virtualization.xml:306(command)
3931
2543
msgstr ""
3932
2544
3933
2545
#: serverguide/C/virtualization.xml:308(para)
3934
msgid ""
3935
"Since <application>virt-manager</application> requires a Graphical User "
3936
"Interface (GUI) environment it is recommended to be installed on a "
3937
"workstation or test machine instead of a production server. To connect to "
3938
"the local <application>libvirt</application> service enter:"
2546
msgid "Since <application>virt-manager</application> requires a Graphical User Interface (GUI) environment it is recommended to be installed on a workstation or test machine instead of a production server. To connect to the local <application>libvirt</application> service enter:"
3939
2547
msgstr ""
3940
2548
3941
2549
#: serverguide/C/virtualization.xml:314(command)
3943
2551
msgstr ""
3944
2552
3945
2553
#: serverguide/C/virtualization.xml:316(para)
3946
msgid ""
3947
"You can connect to the <application>libvirt</application> service running on "
3948
"another host by entering the following in a terminal prompt:"
2554
msgid "You can connect to the <application>libvirt</application> service running on another host by entering the following in a terminal prompt:"
3949
2555
msgstr ""
3950
2556
3951
2557
#: serverguide/C/virtualization.xml:320(command)
3953
2559
msgstr ""
3954
2560
3955
2561
#: serverguide/C/virtualization.xml:323(para)
3956
msgid ""
3957
"The above example assumes that <application>SSH</application> connectivity "
3958
"between the management system and virtnode1.mydomain.com has already been "
3959
"configured, and uses SSH keys for authentication. SSH "
3960
"<emphasis>keys</emphasis> are needed because "
3961
"<application>libvirt</application> sends the password prompt to another "
3962
"process. For details on configuring <application>SSH</application> see <xref "
3963
"linkend=\"openssh-server\"/>"
2562
msgid "The above example assumes that <application>SSH</application> connectivity between the management system and virtnode1.mydomain.com has already been configured, and uses SSH keys for authentication. SSH <emphasis>keys</emphasis> are needed because <application>libvirt</application> sends the password prompt to another process. For details on configuring <application>SSH</application> see <xref linkend=\"openssh-server\"/>"
3964
2563
msgstr ""
3965
2564
3966
2565
#: serverguide/C/virtualization.xml:333(title)
3968
2567
msgstr ""
3969
2568
3970
2569
#: serverguide/C/virtualization.xml:334(para)
3971
msgid ""
3972
"The <application>virt-viewer</application> application allows you to connect "
3973
"to a virtual machine's console. <application>virt-viewer</application> does "
3974
"require a Graphical User Interface (GUI) to interface with the virtual "
3975
"machine."
2570
msgid "The <application>virt-viewer</application> application allows you to connect to a virtual machine's console. <application>virt-viewer</application> does require a Graphical User Interface (GUI) to interface with the virtual machine."
3976
2571
msgstr ""
3977
2572
3978
2573
#: serverguide/C/virtualization.xml:338(para)
3979
msgid ""
3980
"To install <application>virt-viewer</application> from a terminal enter:"
2574
msgid "To install <application>virt-viewer</application> from a terminal enter:"
3981
2575
msgstr ""
3982
2576
3983
2577
#: serverguide/C/virtualization.xml:342(command)
3985
2579
msgstr ""
3986
2580
3987
2581
#: serverguide/C/virtualization.xml:344(para)
3988
msgid ""
3989
"Once a virtual machine is installed and running you can connect to the "
3990
"virtual machine's console by using:"
2582
msgid "Once a virtual machine is installed and running you can connect to the virtual machine's console by using:"
3991
2583
msgstr ""
3992
2584
3993
2585
#: serverguide/C/virtualization.xml:348(command)
3995
2587
msgstr ""
3996
2588
3997
2589
#: serverguide/C/virtualization.xml:350(para)
3998
msgid ""
3999
"Similar to <application>virt-manager</application>, <application>virt-"
4000
"viewer</application> can connect to a remote host using "
4001
"<emphasis>SSH</emphasis> with key authentication, as well:"
2590
msgid "Similar to <application>virt-manager</application>, <application>virt-viewer</application> can connect to a remote host using <emphasis>SSH</emphasis> with key authentication, as well:"
4002
2591
msgstr ""
4003
2592
4004
2593
#: serverguide/C/virtualization.xml:355(command)
4006
2595
msgstr ""
4007
2596
4008
2597
#: serverguide/C/virtualization.xml:357(para)
4009
msgid ""
4010
"Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the "
4011
"appropriate virtual machine name."
2598
msgid "Be sure to replace <emphasis role=\"italic\">web_devel</emphasis> with the appropriate virtual machine name."
4012
2599
msgstr ""
4013
2600
4014
2601
#: serverguide/C/virtualization.xml:360(para)
4015
msgid ""
4016
"If configured to use a <emphasis>bridged</emphasis> network interface you "
4017
"can also setup <application>SSH</application> access to the virtual machine. "
4018
"See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for "
4019
"more details."
2602
msgid "If configured to use a <emphasis>bridged</emphasis> network interface you can also setup <application>SSH</application> access to the virtual machine. See <xref linkend=\"openssh-server\"/> and <xref linkend=\"bridging\"/> for more details."
4020
2603
msgstr ""
4021
2604
4022
2605
#: serverguide/C/virtualization.xml:369(para)
4023
msgid ""
4024
"See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page "
4025
"for more details."
2606
msgid "See the <ulink url=\"http://kvm.qumranet.com/kvmwiki\">KVM</ulink> home page for more details."
4026
2607
msgstr ""
4027
2608
4028
2609
#: serverguide/C/virtualization.xml:374(para)
4029
msgid ""
4030
"For more information on <application>libvirt</application> see the <ulink "
4031
"url=\"http://libvirt.org/\">libvirt home page</ulink>"
2610
msgid "For more information on <application>libvirt</application> see the <ulink url=\"http://libvirt.org/\">libvirt home page</ulink>"
4032
2611
msgstr ""
4033
2612
4034
2613
#: serverguide/C/virtualization.xml:379(para)
4035
msgid ""
4036
"The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine "
4037
"Manager</ulink> site has more information on <application>virt-"
4038
"manager</application> development."
2614
msgid "The <ulink url=\"http://virt-manager.et.redhat.com/\">Virtual Machine Manager</ulink> site has more information on <application>virt-manager</application> development."
4039
2615
msgstr ""
4040
2616
4041
2617
#: serverguide/C/virtualization.xml:385(para)
4042
msgid ""
4043
"Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink "
4044
"url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization "
4045
"technology in Ubuntu."
2618
msgid "Also, stop by the <emphasis>#ubuntu-virt</emphasis> IRC channel on <ulink url=\"http://freenode.net/\">freenode</ulink> to discuss virtualization technology in Ubuntu."
4046
2619
msgstr ""
4047
2620
4048
2621
#: serverguide/C/virtualization.xml:394(title)
4054
2627
msgstr ""
4055
2628
4056
2629
#: serverguide/C/virtualization.xml:402(para)
4057
msgid ""
4058
"Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient "
4059
"variant of the Ubuntu Server operating system, configured specifically for "
4060
"virtual appliances. No longer available as a CD-ROM ISO for download, but "
4061
"only as an option either:"
2630
msgid "Ubuntu <emphasis>JeOS</emphasis> (pronounced \"Juice\") is an efficient variant of the Ubuntu Server operating system, configured specifically for virtual appliances. No longer available as a CD-ROM ISO for download, but only as an option either:"
4062
2631
msgstr ""
4063
2632
4064
2633
#: serverguide/C/virtualization.xml:409(para)
4065
msgid ""
4066
"While installing from the Server Edition ISO (pressing "
4067
"<emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal "
4068
"installation\", which is the package selection equivalent to JeOS)."
2634
msgid "While installing from the Server Edition ISO (pressing <emphasis>F4</emphasis> on the first screen will allow you to pick \"Minimal installation\", which is the package selection equivalent to JeOS)."
4069
2635
msgstr ""
4070
2636
4071
2637
#: serverguide/C/virtualization.xml:415(para)
4073
2639
msgstr ""
4074
2640
4075
2641
#: serverguide/C/virtualization.xml:421(para)
4076
msgid ""
4077
"JeOS is a specialized installation of Ubuntu Server Edition with a tuned "
4078
"kernel that only contains the base elements needed to run within a "
4079
"virtualized environment."
2642
msgid "JeOS is a specialized installation of Ubuntu Server Edition with a tuned kernel that only contains the base elements needed to run within a virtualized environment."
4080
2643
msgstr ""
4081
2644
4082
2645
#: serverguide/C/virtualization.xml:426(para)
4083
msgid ""
4084
"Ubuntu JeOS has been tuned to take advantage of key performance technologies "
4085
"in the latest virtualization products from VMware. This combination of "
4086
"reduced size and optimized performance ensures that Ubuntu JeOS Edition "
4087
"delivers a highly efficient use of server resources in large virtual "
4088
"deployments."
2646
msgid "Ubuntu JeOS has been tuned to take advantage of key performance technologies in the latest virtualization products from VMware. This combination of reduced size and optimized performance ensures that Ubuntu JeOS Edition delivers a highly efficient use of server resources in large virtual deployments."
4089
2647
msgstr ""
4090
2648
4091
2649
#: serverguide/C/virtualization.xml:432(para)
4092
msgid ""
4093
"Without unnecessary drivers, and only the minimal required packages, ISVs "
4094
"can configure their supporting OS exactly as they require. They have the "
4095
"peace of mind that updates, whether for security or enhancement reasons, "
4096
"will be limited to the bare minimum of what is required in their specific "
4097
"environment. In turn, users deploying virtual appliances built on top of "
4098
"JeOS will have to go through fewer updates and therefore less maintenance "
4099
"than they would have had to with a standard full installation of a server."
2650
msgid "Without unnecessary drivers, and only the minimal required packages, ISVs can configure their supporting OS exactly as they require. They have the peace of mind that updates, whether for security or enhancement reasons, will be limited to the bare minimum of what is required in their specific environment. In turn, users deploying virtual appliances built on top of JeOS will have to go through fewer updates and therefore less maintenance than they would have had to with a standard full installation of a server."
4100
2651
msgstr ""
4101
2652
4102
2653
#: serverguide/C/virtualization.xml:441(title)
4104
2655
msgstr ""
4105
2656
4106
2657
#: serverguide/C/virtualization.xml:443(para)
4107
msgid ""
4108
"With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder "
4109
"will fetch the various package and build a virtual machine tailored for our "
4110
"need in about a minute for us. Vmbuilder is a Script that automates the "
4111
"process of creating a ready to use Linux based VM. The currently supported "
4112
"hypervisors are KVM and Xen."
2658
msgid "With vmbuilder, there is no need to download a JeOS ISO anymore. vmbuilder will fetch the various package and build a virtual machine tailored for our need in about a minute for us. Vmbuilder is a Script that automates the process of creating a ready to use Linux based VM. The currently supported hypervisors are KVM and Xen."
4113
2659
msgstr ""
4114
2660
4115
2661
#: serverguide/C/virtualization.xml:449(para)
4116
msgid ""
4117
"You can pass command line options to add extra packages, remove packages, "
4118
"choose which version of Ubuntu, which mirror etc. On recent hardware with "
4119
"plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and "
4120
"a local mirror, you can bootstrap a VM in less than a minute."
2662
msgid "You can pass command line options to add extra packages, remove packages, choose which version of Ubuntu, which mirror etc. On recent hardware with plenty of RAM, tmpdir in <filename>/dev/shm</filename> or using a tmpfs, and a local mirror, you can bootstrap a VM in less than a minute."
4121
2663
msgstr ""
4122
2664
4123
2665
#: serverguide/C/virtualization.xml:455(para)
4124
msgid ""
4125
"First introduced as a shell script in Ubuntu 8.04LTS, <application>ubuntu-vm-"
4126
"builder</application> started with little emphasis as a hack to help "
4127
"developers test their new code in a virtual machine without having to "
4128
"restart from scratch each time. As a few Ubuntu administrators started to "
4129
"notice this script, a few of them went on improving it and adapting it for "
4130
"so many use case that Soren Hansen (the author of the script and Ubuntu "
4131
"virtualization specialist, not the golf player) decided to rewrite it from "
4132
"scratch for Intrepid as a python script with a few new design goals:"
2666
msgid "First introduced as a shell script in Ubuntu 8.04LTS, <application>ubuntu-vm-builder</application> started with little emphasis as a hack to help developers test their new code in a virtual machine without having to restart from scratch each time. As a few Ubuntu administrators started to notice this script, a few of them went on improving it and adapting it for so many use case that Soren Hansen (the author of the script and Ubuntu virtualization specialist, not the golf player) decided to rewrite it from scratch for Intrepid as a python script with a few new design goals:"
4133
2667
msgstr ""
4134
2668
4135
2669
#: serverguide/C/virtualization.xml:465(para)
4137
2671
msgstr ""
4138
2672
4139
2673
#: serverguide/C/virtualization.xml:470(para)
4140
msgid ""
4141
"Use a plugin mechanisms for all virtualization interactions so that others "
4142
"can easily add logic for other virtualization environments."
2674
msgid "Use a plugin mechanisms for all virtualization interactions so that others can easily add logic for other virtualization environments."
4143
2675
msgstr ""
4144
2676
4145
2677
#: serverguide/C/virtualization.xml:475(para)
4146
msgid ""
4147
"Provide an easy to maintain web interface as an option to the command line "
4148
"interface."
2678
msgid "Provide an easy to maintain web interface as an option to the command line interface."
4149
2679
msgstr ""
4150
2680
4151
2681
#: serverguide/C/virtualization.xml:481(para)
4157
2687
msgstr ""
4158
2688
4159
2689
#: serverguide/C/virtualization.xml:490(para)
4160
msgid ""
4161
"It is assumed that you have installed and configured "
4162
"<application>libvirt</application> and <application>KVM</application> "
4163
"locally on the machine you are using. For details on how to perform this, "
4164
"please refer to:"
2690
msgid "It is assumed that you have installed and configured <application>libvirt</application> and <application>KVM</application> locally on the machine you are using. For details on how to perform this, please refer to:"
4165
2691
msgstr ""
4166
2692
4167
2693
#: serverguide/C/virtualization.xml:502(para)
4168
msgid ""
4169
"The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki "
4170
"page."
2694
msgid "The <ulink url=\"https://help.ubuntu.com/community/KVM\">KVM</ulink> Wiki page."
4171
2695
msgstr ""
4172
2696
4173
2697
#: serverguide/C/virtualization.xml:508(para)
4174
msgid ""
4175
"We also assume that you know how to use a text based text editor such as "
4176
"nano or vi. If you have not used any of them before, you can get an overview "
4177
"of the various text editors available by reading the <ulink "
4178
"url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTex"
4179
"tEditors</ulink> page. This tutorial has been done on KVM, but the general "
4180
"principle should remain on other virtualization technologies."
2698
msgid "We also assume that you know how to use a text based text editor such as nano or vi. If you have not used any of them before, you can get an overview of the various text editors available by reading the <ulink url=\"https://help.ubuntu.com/community/PowerUsersTextEditors\">PowerUsersTextEditors</ulink> page. This tutorial has been done on KVM, but the general principle should remain on other virtualization technologies."
4181
2699
msgstr ""
4182
2700
4183
2701
#: serverguide/C/virtualization.xml:516(title)
4185
2703
msgstr ""
4186
2704
4187
2705
#: serverguide/C/virtualization.xml:518(para)
4188
msgid ""
4189
"The name of the package that we need to install is <application>python-vm-"
4190
"builder</application>. In a terminal prompt enter:"
2706
msgid "The name of the package that we need to install is <application>python-vm-builder</application>. In a terminal prompt enter:"
4191
2707
msgstr ""
4192
2708
4193
2709
#: serverguide/C/virtualization.xml:523(command)
4195
2711
msgstr ""
4196
2712
4197
2713
#: serverguide/C/virtualization.xml:527(para)
4198
msgid ""
4199
"If you are running Hardy, you can still perform most of this using the older "
4200
"version of the package named <application>ubuntu-vm-builder</application>, "
4201
"there are only a few changes to the syntax of the tool."
2714
msgid "If you are running Hardy, you can still perform most of this using the older version of the package named <application>ubuntu-vm-builder</application>, there are only a few changes to the syntax of the tool."
4202
2715
msgstr ""
4203
2716
4204
2717
#: serverguide/C/virtualization.xml:536(title)
4206
2719
msgstr ""
4207
2720
4208
2721
#: serverguide/C/virtualization.xml:538(para)
4209
msgid ""
4210
"Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here "
4211
"are a few thing to consider:"
2722
msgid "Defining a virtual machine with Ubuntu's vmbuilder is quite simple, but here are a few thing to consider:"
4212
2723
msgstr ""
4213
2724
4214
2725
#: serverguide/C/virtualization.xml:544(para)
4215
msgid ""
4216
"If you plan on shipping a virtual appliance, do not assume that the end-user "
4217
"will know how to extend disk size to fit their need, so either plan for a "
4218
"large virtual disk to allow for your appliance to grow, or explain fairly "
4219
"well in your documentation how to allocate more space. It might actually be "
4220
"a good idea to store data on some separate external storage."
2726
msgid "If you plan on shipping a virtual appliance, do not assume that the end-user will know how to extend disk size to fit their need, so either plan for a large virtual disk to allow for your appliance to grow, or explain fairly well in your documentation how to allocate more space. It might actually be a good idea to store data on some separate external storage."
4221
2727
msgstr ""
4222
2728
4223
2729
#: serverguide/C/virtualization.xml:551(para)
4224
msgid ""
4225
"Given that RAM is much easier to allocate in a VM, RAM size should be set to "
4226
"whatever you think is a safe minimum for your appliance."
2730
msgid "Given that RAM is much easier to allocate in a VM, RAM size should be set to whatever you think is a safe minimum for your appliance."
4227
2731
msgstr ""
4228
2732
4229
2733
#: serverguide/C/virtualization.xml:557(para)
4230
msgid ""
4231
"The <application>vmbuilder</application> command has 2 main parameters: the "
4232
"<emphasis>virtualization technology (hypervisor)</emphasis> and the targeted "
4233
"<emphasis>distribution</emphasis>. Optional parameters are quite numerous "
4234
"and can be found using the following command:"
2734
msgid "The <application>vmbuilder</application> command has 2 main parameters: the <emphasis>virtualization technology (hypervisor)</emphasis> and the targeted <emphasis>distribution</emphasis>. Optional parameters are quite numerous and can be found using the following command:"
4235
2735
msgstr ""
4236
2736
4237
2737
#: serverguide/C/virtualization.xml:563(command)
4243
2743
msgstr ""
4244
2744
4245
2745
#: serverguide/C/virtualization.xml:569(para)
4246
msgid ""
4247
"As this example is based on <application>KVM</application> and Ubuntu 9.10 "
4248
"(Karmic Koala), and we are likely to rebuild the same virtual machine "
4249
"multiple time, we'll invoke vmbuilder with the following first parameters:"
2746
msgid "As this example is based on <application>KVM</application> and Ubuntu 10.04 LTS (Lucid Lynx), and we are likely to rebuild the same virtual machine multiple time, we'll invoke vmbuilder with the following first parameters:"
4250
2747
msgstr ""
4251
2748
4252
2749
#: serverguide/C/virtualization.xml:575(command)
4253
msgid ""
4254
"sudo vmbuilder kvm ubuntu --suite karmic --flavour virtual --arch i386 -o --"
4255
"libvirt qemu:///system"
2750
msgid "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --libvirt qemu:///system"
4256
2751
msgstr ""
4257
2752
4258
2753
#: serverguide/C/virtualization.xml:578(para)
4259
msgid ""
4260
"The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--"
4261
"flavour</emphasis> specifies that we want to use the virtual kernel (that's "
4262
"the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells "
4263
"that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells "
4264
"vmbuilder to overwrite the previous version of the VM and the <emphasis>--"
4265
"libvirt</emphasis> tells to inform the local virtualization environment to "
4266
"add the resulting VM to the list of available machines."
2754
msgid "The <emphasis>--suite</emphasis> defines the Ubuntu release, the <emphasis>--flavour</emphasis> specifies that we want to use the virtual kernel (that's the one used to build a JeOS image), the <emphasis>--arch</emphasis> tells that we want to use a 32 bit machine, the <emphasis>-o</emphasis> tells vmbuilder to overwrite the previous version of the VM and the <emphasis>--libvirt</emphasis> tells to inform the local virtualization environment to add the resulting VM to the list of available machines."
4267
2755
msgstr ""
4268
2756
4269
2757
#: serverguide/C/virtualization.xml:586(para)
4271
2759
msgstr ""
4272
2760
4273
2761
#: serverguide/C/virtualization.xml:592(para)
4274
msgid ""
4275
"Because of the nature of operations performed by vmbuilder, it needs to have "
4276
"root privilege, hence the use of sudo."
2762
msgid "Because of the nature of operations performed by vmbuilder, it needs to have root privilege, hence the use of sudo."
4277
2763
msgstr ""
4278
2764
4279
2765
#: serverguide/C/virtualization.xml:597(para)
4280
msgid ""
4281
"If your virtual machine needs to use more than 3Gb of ram, you should build "
4282
"a 64 bit machine (--arch amd64)."
2766
msgid "If your virtual machine needs to use more than 3Gb of ram, you should build a 64 bit machine (--arch amd64)."
4283
2767
msgstr ""
4284
2768
4285
2769
#: serverguide/C/virtualization.xml:602(para)
4286
msgid ""
4287
"Until Ubuntu 8.10, the virtual kernel was only built for 32 bit "
4288
"architecture, so if you want to define an amd64 machine on Hardy, you should "
4289
"use <emphasis>--flavour</emphasis> server instead."
2770
msgid "Until Ubuntu 8.10, the virtual kernel was only built for 32 bit architecture, so if you want to define an amd64 machine on Hardy, you should use <emphasis>--flavour</emphasis> server instead."
4290
2771
msgstr ""
4291
2772
4292
2773
#: serverguide/C/virtualization.xml:610(title)
4302
2783
msgstr ""
4303
2784
4304
2785
#: serverguide/C/virtualization.xml:618(para)
4305
msgid ""
4306
"As a virtual appliance that may be deployed on various very different "
4307
"networks, it is very difficult to know what the actual network will look "
4308
"like. In order to simplify configuration, it is a good idea to take an "
4309
"approach similar to what network hardware vendors usually do, namely "
4310
"assigning an initial fixed IP address to the appliance in a private class "
4311
"network that you will provide in your documentation. An address in the range "
4312
"192.168.0.0/255 is usually a good choice."
2786
msgid "As a virtual appliance that may be deployed on various very different networks, it is very difficult to know what the actual network will look like. In order to simplify configuration, it is a good idea to take an approach similar to what network hardware vendors usually do, namely assigning an initial fixed IP address to the appliance in a private class network that you will provide in your documentation. An address in the range 192.168.0.0/255 is usually a good choice."
4313
2787
msgstr ""
4314
2788
4315
2789
#: serverguide/C/virtualization.xml:625(para)
4317
2791
msgstr ""
4318
2792
4319
2793
#: serverguide/C/virtualization.xml:631(para)
4320
msgid ""
4321
"<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to "
4322
"dhcp if not specified)"
2794
msgid "<emphasis>--ip ADDRESS</emphasis>: IP address in dotted form (defaults to dhcp if not specified)"
4323
2795
msgstr ""
4324
2796
4325
2797
#: serverguide/C/virtualization.xml:636(para)
4326
msgid ""
4327
"<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: "
4328
"255.255.255.0)"
2798
msgid "<emphasis>--mask VALUE</emphasis>: IP mask in dotted form (default: 255.255.255.0)"
4329
2799
msgstr ""
4330
2800
4331
2801
#: serverguide/C/virtualization.xml:641(para)
4341
2811
msgstr ""
4342
2812
4343
2813
#: serverguide/C/virtualization.xml:656(para)
4344
msgid ""
4345
"<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
2814
msgid "<emphasis>--dns ADDRESS</emphasis>: Name server address (default: X.X.X.1)"
4346
2815
msgstr ""
4347
2816
4348
2817
#: serverguide/C/virtualization.xml:662(para)
4349
msgid ""
4350
"We assume for now that default values are good enough, so the resulting "
4351
"invocation becomes:"
2818
msgid "We assume for now that default values are good enough, so the resulting invocation becomes:"
4352
2819
msgstr ""
4353
2820
4354
2821
#: serverguide/C/virtualization.xml:667(command)
4355
msgid ""
4356
"sudo vmbuilder kvm ubuntu --suite karmic --flavour virtual --arch i386 -o --"
4357
"libvirt qemu:///system --ip 192.168.0.100"
2822
msgid "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 -o --libvirt qemu:///system --ip 192.168.0.100"
4358
2823
msgstr ""
4359
2824
4360
2825
#: serverguide/C/virtualization.xml:672(title)
4362
2827
msgstr ""
4363
2828
4364
2829
#: serverguide/C/virtualization.xml:674(para)
4365
msgid ""
4366
"Because our appliance will be likely to need to be accessed by remote hosts, "
4367
"we need to configure libvirt so that the appliance uses bridge networking. "
4368
"To do this we use vmbuilder template mechanism to modify the default one."
2830
msgid "Because our appliance will be likely to need to be accessed by remote hosts, we need to configure libvirt so that the appliance uses bridge networking. To do this we use vmbuilder template mechanism to modify the default one."
4369
2831
msgstr ""
4370
2832
4371
2833
#: serverguide/C/virtualization.xml:679(para)
4372
msgid ""
4373
"In our working directory we create the template hierarchy and copy the "
4374
"default template:"
2834
msgid "In our working directory we create the template hierarchy and copy the default template:"
4375
2835
msgstr ""
4376
2836
4377
2837
#: serverguide/C/virtualization.xml:684(command)
4383
2843
msgstr ""
4384
2844
4385
2845
#: serverguide/C/virtualization.xml:688(para)
4386
msgid ""
4387
"We can then edit "
4388
"<filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to "
4389
"change:"
2846
msgid "We can then edit <filename>VMBuilder/plugins/libvirt/templates/libvirtxml.tmpl</filename> to change:"
4390
2847
msgstr ""
4391
2848
4392
2849
#: serverguide/C/virtualization.xml:692(programlisting)
4393
2850
#, no-wrap
4394
msgid ""
4395
"\n"
4396
" <interface type='network'>\n"
4397
" <source network='default'/>\n"
4398
" </interface>\n"
2851
msgid "\n <interface type='network'>\n <source network='default'/>\n </interface>\n"
4399
2852
msgstr ""
4400
2853
4401
2854
#: serverguide/C/virtualization.xml:698(para)
4404
2857
4405
2858
#: serverguide/C/virtualization.xml:702(programlisting)
4406
2859
#, no-wrap
4407
msgid ""
4408
"\n"
4409
" <interface type='bridge'>\n"
4410
" <source bridge='br0'/>\n"
4411
" </interface>\n"
2860
msgid "\n <interface type='bridge'>\n <source bridge='br0'/>\n </interface>\n"
4412
2861
msgstr ""
4413
2862
4414
2863
#: serverguide/C/virtualization.xml:712(title) serverguide/C/installation.xml:407(title)
4416
2865
msgstr ""
4417
2866
4418
2867
#: serverguide/C/virtualization.xml:714(para)
4419
msgid ""
4420
"Partitioning of the virtual appliance will have to take into consideration "
4421
"what you are planning to do with is. Because most appliances want to have a "
4422
"separate storage for data, having a separate <filename>/var</filename> would "
4423
"make sense."
2868
msgid "Partitioning of the virtual appliance will have to take into consideration what you are planning to do with is. Because most appliances want to have a separate storage for data, having a separate <filename>/var</filename> would make sense."
4424
2869
msgstr ""
4425
2870
4426
2871
#: serverguide/C/virtualization.xml:719(para)
4427
msgid ""
4428
"In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
2872
msgid "In order to do this vmbuilder provides us with <emphasis>--part</emphasis>:"
4429
2873
msgstr ""
4430
2874
4431
2875
#: serverguide/C/virtualization.xml:723(programlisting)
4432
2876
#, no-wrap
4433
msgid ""
4434
"\n"
4435
"--part PATH\n"
4436
" Allows to specify a partition table in partfile each line of partfile "
4437
"should specify\n"
4438
" (root first):\n"
4439
" mountpoint size\n"
4440
" where size is in megabytes. You can have up to 4 virtual disks, a new "
4441
"disk starts on a\n"
4442
" line with ’---’. ie :\n"
4443
" root 1000\n"
4444
" /opt 1000\n"
4445
" swap 256\n"
4446
" ---\n"
4447
" /var 2000\n"
4448
" /log 1500\n"
2877
msgid "\n--part PATH\n Allows to specify a partition table in partfile each line of partfile should specify\n (root first):\n mountpoint size\n where size is in megabytes. You can have up to 4 virtual disks, a new disk starts on a\n line with ’---’. ie :\n root 1000\n /opt 1000\n swap 256\n ---\n /var 2000\n /log 1500\n"
4449
2878
msgstr ""
4450
2879
4451
2880
#: serverguide/C/virtualization.xml:738(para)
4452
msgid ""
4453
"In our case we will define a text file name "
4454
"<filename>vmbuilder.partition</filename> which will contain the following:"
2881
msgid "In our case we will define a text file name <filename>vmbuilder.partition</filename> which will contain the following:"
4455
2882
msgstr ""
4456
2883
4457
2884
#: serverguide/C/virtualization.xml:742(programlisting)
4458
2885
#, no-wrap
4459
msgid ""
4460
"\n"
4461
"root 8000\n"
4462
"swap 4000\n"
4463
"---\n"
4464
"/var 20000\n"
2886
msgid "\nroot 8000\nswap 4000\n---\n/var 20000\n"
4465
2887
msgstr ""
4466
2888
4467
2889
#: serverguide/C/virtualization.xml:750(para)
4468
msgid ""
4469
"Note that as we are using virtual disk images, the actual sizes that we put "
4470
"here are maximum sizes for these volumes."
2890
msgid "Note that as we are using virtual disk images, the actual sizes that we put here are maximum sizes for these volumes."
4471
2891
msgstr ""
4472
2892
4473
2893
#: serverguide/C/virtualization.xml:755(para)
4475
2895
msgstr ""
4476
2896
4477
2897
#: serverguide/C/virtualization.xml:760(command)
4478
msgid ""
4479
"sudo vmbuilder kvm ubuntu --suite karmic --flavour virtual --arch i386 \\ -o "
4480
"--libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
2898
msgid "sudo vmbuilder kvm ubuntu --suite lucid --flavour virtual --arch i386 \\ -o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition"
4481
2899
msgstr ""
4482
2900
4483
2901
#: serverguide/C/virtualization.xml:765(para)
4484
msgid ""
4485
"Using a \"\\\" in a command will allow long command strings to wrap to the "
4486
"next line."
2902
msgid "Using a \"\\\" in a command will allow long command strings to wrap to the next line."
4487
2903
msgstr ""
4488
2904
4489
2905
#: serverguide/C/virtualization.xml:772(title)
4491
2907
msgstr ""
4492
2908
4493
2909
#: serverguide/C/virtualization.xml:774(para)
4494
msgid ""
4495
"Again setting up a virtual appliance, you will need to provide a default "
4496
"user and password that is generic so that you can include it in your "
4497
"documentation. We will see later on in this tutorial how we will provide "
4498
"some security by defining a script that will be run the first time a user "
4499
"actually logs in the appliance, that will, among other things, ask him to "
4500
"change his password. In this example I will use <emphasis>'user'</emphasis> "
4501
"as my user name, and <emphasis>'default'</emphasis> as the password."
2910
msgid "Again setting up a virtual appliance, you will need to provide a default user and password that is generic so that you can include it in your documentation. We will see later on in this tutorial how we will provide some security by defining a script that will be run the first time a user actually logs in the appliance, that will, among other things, ask him to change his password. In this example I will use <emphasis>'user'</emphasis> as my user name, and <emphasis>'default'</emphasis> as the password."
4502
2911
msgstr ""
4503
2912
4504
2913
#: serverguide/C/virtualization.xml:782(para)
4506
2915
msgstr ""
4507
2916
4508
2917
#: serverguide/C/virtualization.xml:788(para)
4509
msgid ""
4510
"<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. "
4511
"Default: ubuntu."
2918
msgid "<emphasis>--user USERNAME:</emphasis> Sets the name of the user to be added. Default: ubuntu."
4512
2919
msgstr ""
4513
2920
4514
2921
#: serverguide/C/virtualization.xml:793(para)
4515
msgid ""
4516
"<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be "
4517
"added. Default: Ubuntu."
2922
msgid "<emphasis>--name FULLNAME:</emphasis> Sets the full name of the user to be added. Default: Ubuntu."
4518
2923
msgstr ""
4519
2924
4520
2925
#: serverguide/C/virtualization.xml:798(para)
4521
msgid ""
4522
"<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. "
4523
"Default: ubuntu."
2926
msgid "<emphasis>--pass PASSWORD:</emphasis> Sets the password for the user. Default: ubuntu."
4524
2927
msgstr ""
4525
2928
4526
2929
#: serverguide/C/virtualization.xml:804(para)
4528
2931
msgstr ""
4529
2932
4530
2933
#: serverguide/C/virtualization.xml:809(command)
4531
msgid ""
4532
"sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 \\ -"
4533
"o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ -"
4534
"-user user --name user --pass default"
2934
msgid "sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 \\ -o --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition \\ --user user --name user --pass default"
4535
2935
msgstr ""
4536
2936
4537
2937
#: serverguide/C/virtualization.xml:817(title)
4539
2939
msgstr ""
4540
2940
4541
2941
#: serverguide/C/virtualization.xml:819(para)
4542
msgid ""
4543
"In this example we will be installing a package "
4544
"<application>(Limesurvey)</application> that accesses a "
4545
"<application>MySQL</application> database and has a web interface. We will "
4546
"therefore require our OS to provide us with:"
2942
msgid "In this example we will be installing a package <application>(Limesurvey)</application> that accesses a <application>MySQL</application> database and has a web interface. We will therefore require our OS to provide us with:"
4547
2943
msgstr ""
4548
2944
4549
2945
#: serverguide/C/virtualization.xml:826(para)
4567
2963
msgstr ""
4568
2964
4569
2965
#: serverguide/C/virtualization.xml:833(para)
4570
msgid ""
4571
"This is done using vmbuilder by specifying the --addpkg command multiple "
4572
"times:"
2966
msgid "This is done using vmbuilder by specifying the --addpkg command multiple times:"
4573
2967
msgstr ""
4574
2968
4575
2969
#: serverguide/C/virtualization.xml:837(programlisting)
4576
2970
#, no-wrap
4577
msgid ""
4578
"\n"
4579
"--addpkg PKG\n"
4580
" Install PKG into the guest (can be specfied multiple times)\n"
2971
msgid "\n--addpkg PKG\n Install PKG into the guest (can be specfied multiple times)\n"
4581
2972
msgstr ""
4582
2973
4583
2974
#: serverguide/C/virtualization.xml:842(para)
4584
msgid ""
4585
"However, due to the way vmbuilder operates, packages that have to ask "
4586
"questions to the user during the post install phase are not supported and "
4587
"should instead be installed while interactivity can occur. This is the case "
4588
"of Limesurvey, which we will have to install later, once the user logs in."
2975
msgid "However, due to the way vmbuilder operates, packages that have to ask questions to the user during the post install phase are not supported and should instead be installed while interactivity can occur. This is the case of Limesurvey, which we will have to install later, once the user logs in."
4589
2976
msgstr ""
4590
2977
4591
2978
#: serverguide/C/virtualization.xml:848(para)
4592
msgid ""
4593
"Other packages that ask simple debconf question, such as <application>mysql-"
4594
"server</application> asking to set a password, the package can be installed "
4595
"immediately, but we will have to reconfigure it the first time the user logs "
4596
"in."
2979
msgid "Other packages that ask simple debconf question, such as <application>mysql-server</application> asking to set a password, the package can be installed immediately, but we will have to reconfigure it the first time the user logs in."
4597
2980
msgstr ""
4598
2981
4599
2982
#: serverguide/C/virtualization.xml:854(para)
4600
msgid ""
4601
"If some packages that we need to install are not in main, we need to enable "
4602
"the additional repositories using --comp and --ppa:"
2983
msgid "If some packages that we need to install are not in main, we need to enable the additional repositories using --comp and --ppa:"
4603
2984
msgstr ""
4604
2985
4605
2986
#: serverguide/C/virtualization.xml:858(programlisting)
4606
2987
#, no-wrap
4607
msgid ""
4608
"\n"
4609
"--components COMP1,COMP2,...,COMPN\n"
4610
" A comma separated list of distro components to include (e.g. "
4611
"main,universe). This defaults\n"
4612
" to \"main\"\n"
4613
"--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
2988
msgid "\n--components COMP1,COMP2,...,COMPN\n A comma separated list of distro components to include (e.g. main,universe). This defaults\n to \"main\"\n--ppa=PPA Add ppa belonging to PPA to the vm's sources.list.\n"
4614
2989
msgstr ""
4615
2990
4616
2991
#: serverguide/C/virtualization.xml:865(para)
4617
msgid ""
4618
"Limesurvey not being part of the archive at the moment, we'll specify it's "
4619
"PPA (personal package archive) address so that it is added to the VM "
4620
"<filename>/etc/apt/source.list</filename>, so we add the following options "
4621
"to the command line:"
2992
msgid "Limesurvey not being part of the archive at the moment, we'll specify it's PPA (personal package archive) address so that it is added to the VM <filename>/etc/apt/source.list</filename>, so we add the following options to the command line:"
4622
2993
msgstr ""
4623
2994
4624
2995
#: serverguide/C/virtualization.xml:871(command)
4625
msgid ""
4626
"--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --"
4627
"addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-"
4628
"php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg "
4629
"php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-"
4630
"server --ppa nijaba"
2996
msgid "--addpkg apache2 --addpkg apache2-mpm-prefork --addpkg apache2-utils --addpkg apache2.2-common \\ --addpkg dbconfig-common --addpkg libapache2-mod-php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-server --ppa nijaba"
4631
2997
msgstr ""
4632
2998
4633
2999
#: serverguide/C/virtualization.xml:878(title)
4635
3001
msgstr ""
4636
3002
4637
3003
#: serverguide/C/virtualization.xml:880(para)
4638
msgid ""
4639
"Another convenient tool that we want to have on our appliance is OpenSSH, as "
4640
"it will allow our admins to access the appliance remotely. However, pushing "
4641
"in the wild an appliance with a pre-installed OpenSSH server is a big "
4642
"security risk as all these server will share the same secret key, making it "
4643
"very easy for hackers to target our appliance with all the tools they need "
4644
"to crack it open in a breeze. As for the user password, we will instead rely "
4645
"on a script that will install OpenSSH the first time a user logs in so that "
4646
"the key generated will be different for each appliance. For this we'll use a "
4647
"<emphasis>--firstboot</emphasis> script, as it does not need any user "
4648
"interaction."
3004
msgid "Another convenient tool that we want to have on our appliance is OpenSSH, as it will allow our admins to access the appliance remotely. However, pushing in the wild an appliance with a pre-installed OpenSSH server is a big security risk as all these server will share the same secret key, making it very easy for hackers to target our appliance with all the tools they need to crack it open in a breeze. As for the user password, we will instead rely on a script that will install OpenSSH the first time a user logs in so that the key generated will be different for each appliance. For this we'll use a <emphasis>--firstboot</emphasis> script, as it does not need any user interaction."
4649
3005
msgstr ""
4650
3006
4651
3007
#: serverguide/C/virtualization.xml:892(title)
4657
3013
msgstr ""
4658
3014
4659
3015
#: serverguide/C/virtualization.xml:897(para)
4660
msgid ""
4661
"When vmbuilder creates builds your system, it has to go fetch each one of "
4662
"the packages that composes it over the network to one of the official "
4663
"repositories, which, depending on your internet connection speed and the "
4664
"load of the mirror, can have a big impact on the actual build time. In order "
4665
"to reduce this, it is recommended to either have a local repository (which "
4666
"can be created using <application>apt-mirror</application>) or using a "
4667
"caching proxy such as <application>apt-cache</application>. The later option "
4668
"being much simpler to implement and requiring less disk space, it is the one "
4669
"we will pick in this tutorial. To install it, simply type:"
3016
msgid "When vmbuilder creates builds your system, it has to go fetch each one of the packages that composes it over the network to one of the official repositories, which, depending on your internet connection speed and the load of the mirror, can have a big impact on the actual build time. In order to reduce this, it is recommended to either have a local repository (which can be created using <application>apt-mirror</application>) or using a caching proxy such as <application>apt-cache</application>. The later option being much simpler to implement and requiring less disk space, it is the one we will pick in this tutorial. To install it, simply type:"
4670
3017
msgstr ""
4671
3018
4672
3019
#: serverguide/C/virtualization.xml:907(command)
4674
3021
msgstr ""
4675
3022
4676
3023
#: serverguide/C/virtualization.xml:910(para)
4677
msgid ""
4678
"Once this is complete, your (empty) proxy is ready for use on "
4679
"http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For "
4680
"vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> "
4681
"option:"
3024
msgid "Once this is complete, your (empty) proxy is ready for use on http://mirroraddress:9999 and will find ubuntu repository under /ubuntu. For vmbuilder to use it, we'll have to use the <emphasis>--mirror</emphasis> option:"
4682
3025
msgstr ""
4683
3026
4684
3027
#: serverguide/C/virtualization.xml:915(programlisting)
4685
3028
#, no-wrap
4686
msgid ""
4687
"\n"
4688
"--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n"
4689
" is http://archive.ubuntu.com/ubuntu for official\n"
4690
" arches and http://ports.ubuntu.com/ubuntu-ports\n"
4691
" otherwise\n"
3029
msgid "\n--mirror=URL Use Ubuntu mirror at URL instead of the default, which\n is http://archive.ubuntu.com/ubuntu for official\n arches and http://ports.ubuntu.com/ubuntu-ports\n otherwise\n"
4692
3030
msgstr ""
4693
3031
4694
3032
#: serverguide/C/virtualization.xml:922(para)
4700
3038
msgstr ""
4701
3039
4702
3040
#: serverguide/C/virtualization.xml:931(para)
4703
msgid ""
4704
"The mirror address specified here will also be used in the "
4705
"<filename>/etc/apt/source.list</filename> of the newly created guest, so it "
4706
"is usefull to specify here an address that can be resolved by the guest or "
4707
"to plan on reseting this address later on, such as in a <emphasis>--"
4708
"firstboot</emphasis> script."
3041
msgid "The mirror address specified here will also be used in the <filename>/etc/apt/source.list</filename> of the newly created guest, so it is usefull to specify here an address that can be resolved by the guest or to plan on reseting this address later on, such as in a <emphasis>--firstboot</emphasis> script."
4709
3042
msgstr ""
4710
3043
4711
3044
#: serverguide/C/virtualization.xml:940(title)
4713
3046
msgstr ""
4714
3047
4715
3048
#: serverguide/C/virtualization.xml:942(para)
4716
msgid ""
4717
"If we are in a larger environment, it may make sense to setup a local mirror "
4718
"of the Ubuntu repositories. The package apt-mirror provides you with a "
4719
"script that will handle the mirroring for you. You should plan on having "
4720
"about 20 gigabyte of free space per supported release and architecture."
3049
msgid "If we are in a larger environment, it may make sense to setup a local mirror of the Ubuntu repositories. The package apt-mirror provides you with a script that will handle the mirroring for you. You should plan on having about 20 gigabyte of free space per supported release and architecture."
4721
3050
msgstr ""
4722
3051
4723
3052
#: serverguide/C/virtualization.xml:948(para)
4724
msgid ""
4725
"By default, <application>apt-mirror</application> uses the configuration "
4726
"file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will "
4727
"replicate only the architecture of the local machine. If you would like to "
4728
"support other architectures on your mirror, simply duplicate the lines "
4729
"starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can "
4730
"be i386, amd64, etc... For example, on an amd64 machine, to have the i386 "
4731
"archives as well, you will have:"
3053
msgid "By default, <application>apt-mirror</application> uses the configuration file in <filename>/etc/apt/mirror.list</filename>. As it is set up, it will replicate only the architecture of the local machine. If you would like to support other architectures on your mirror, simply duplicate the lines starting with “deb”, replacing the deb keyword by /deb-{arch} where arch can be i386, amd64, etc... For example, on an amd64 machine, to have the i386 archives as well, you will have:"
4732
3054
msgstr ""
4733
3055
4734
3056
#: serverguide/C/virtualization.xml:955(programlisting)
4735
3057
#, no-wrap
4736
msgid ""
4737
"\n"
4738
"deb http://archive.ubuntu.com/ubuntu karmic main restricted universe "
4739
"multiverse \n"
4740
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic main restricted universe "
4741
"multiverse\n"
4742
"\n"
4743
"deb http://archive.ubuntu.com/ubuntu karmic-updates main restricted "
4744
"universe multiverse \n"
4745
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic-updates main restricted "
4746
"universe multiverse \n"
4747
"\n"
4748
"deb http://archive.ubuntu.com/ubuntu/ karmic-backports main restricted "
4749
"universe multiverse \n"
4750
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic-backports main restricted "
4751
"universe multiverse \n"
4752
"\n"
4753
"deb http://security.ubuntu.com/ubuntu karmic-security main restricted "
4754
"universe multiverse \n"
4755
"/deb-i386 http://security.ubuntu.com/ubuntu karmic-security main restricted "
4756
"universe multiverse \n"
4757
"\n"
4758
"deb http://archive.ubuntu.com/ubuntu karmic main/debian-installer "
4759
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4760
"installer \n"
4761
"/deb-i386 http://archive.ubuntu.com/ubuntu karmic main/debian-installer "
4762
"restricted/debian-installer universe/debian-installer multiverse/debian-"
4763
"installer \n"
3058
msgid "\ndeb http://archive.ubuntu.com/ubuntu lucid main restricted universe multiverse \n/deb-i386 http://archive.ubuntu.com/ubuntu lucid main restricted universe multiverse\n\ndeb http://archive.ubuntu.com/ubuntu lucid-updates main restricted universe multiverse \n/deb-i386 http://archive.ubuntu.com/ubuntu lucid-updates main restricted universe multiverse \n\ndeb http://archive.ubuntu.com/ubuntu/ lucid-backports main restricted universe multiverse \n/deb-i386 http://archive.ubuntu.com/ubuntu lucid-backports main restricted universe multiverse \n\ndeb http://security.ubuntu.com/ubuntu lucid-security main restricted universe multiverse \n/deb-i386 http://security.ubuntu.com/ubuntu lucid-security main restricted universe multiverse \n\ndeb http://archive.ubuntu.com/ubuntu lucid main/debian-installer restricted/debian-installer universe/debian-installer multiverse/debian-installer \n/deb-i386 http://archive.ubuntu.com/ubuntu lucid main/debian-installer restricted/debian-installer universe/debian-installer multiverse/debian-installer \n"
4764
3059
msgstr ""
4765
3060
4766
3061
#: serverguide/C/virtualization.xml:972(para)
4767
msgid ""
4768
"Notice that the source packages are not mirrored as they are seldom used "
4769
"compared to the binaries and they do take a lot more space, but they can be "
4770
"easily added to the list."
3062
msgid "Notice that the source packages are not mirrored as they are seldom used compared to the binaries and they do take a lot more space, but they can be easily added to the list."
4771
3063
msgstr ""
4772
3064
4773
3065
#: serverguide/C/virtualization.xml:977(para)
4774
msgid ""
4775
"Once the mirror has finished replicating (and this can be quite long), you "
4776
"need to configure Apache so that your mirror files (in "
4777
"<filename>/var/spool/apt-mirror</filename> if you did not change the "
4778
"default), are published by your Apache server. For more information on "
4779
"Apache see <xref linkend=\"httpd\"/>."
3066
msgid "Once the mirror has finished replicating (and this can be quite long), you need to configure Apache so that your mirror files (in <filename>/var/spool/apt-mirror</filename> if you did not change the default), are published by your Apache server. For more information on Apache see <xref linkend=\"httpd\"/>."
4780
3067
msgstr ""
4781
3068
4782
3069
#: serverguide/C/virtualization.xml:986(title)
4784
3071
msgstr ""
4785
3072
4786
3073
#: serverguide/C/virtualization.xml:988(para)
4787
msgid ""
4788
"As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> "
4789
"faster than writing to disk. If you have some free memory, letting vmbuilder "
4790
"perform its operation in a RAMdisk will help a lot and the option <emphasis>-"
4791
"-tmpfs</emphasis> will help you do just that:"
3074
msgid "As you can easily imagine, writing to RAM is a <emphasis>LOT</emphasis> faster than writing to disk. If you have some free memory, letting vmbuilder perform its operation in a RAMdisk will help a lot and the option <emphasis>--tmpfs</emphasis> will help you do just that:"
4792
3075
msgstr ""
4793
3076
4794
3077
#: serverguide/C/virtualization.xml:994(programlisting)
4795
3078
#, no-wrap
4796
msgid ""
4797
"\n"
4798
"--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n"
4799
" size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
3079
msgid "\n--tmpfs OPTS Use a tmpfs as the working directory, specifying its\n size or \"-\" to use tmpfs default (suid,dev,size=1G).\n"
4800
3080
msgstr ""
4801
3081
4802
3082
#: serverguide/C/virtualization.xml:999(para)
4803
msgid ""
4804
"So adding <command>--tmpfs -</command> sounds like a very good idea if you "
4805
"have 1G of free ram."
3083
msgid "So adding <command>--tmpfs -</command> sounds like a very good idea if you have 1G of free ram."
4806
3084
msgstr ""
4807
3085
4808
3086
#: serverguide/C/virtualization.xml:1006(title)
4814
3092
msgstr ""
4815
3093
4816
3094
#: serverguide/C/virtualization.xml:1014(para)
4817
msgid ""
4818
"The recommended method to do so is to make a <emphasis>Debian</emphasis> "
4819
"package. Since this is outside of the scope of this tutorial, we will not "
4820
"perform this here and invite the reader to read the documentation on how to "
4821
"do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu "
4822
"Packaging Guide</ulink>. In this case it is also a good idea to setup a "
4823
"repository for your package so that updates can be conveniently pulled from "
4824
"it. See the <ulink url=\"http://www.debian-"
4825
"administration.org/articles/286\">Debian Administration</ulink> article for "
4826
"a tutorial on this."
3095
msgid "The recommended method to do so is to make a <emphasis>Debian</emphasis> package. Since this is outside of the scope of this tutorial, we will not perform this here and invite the reader to read the documentation on how to do this in the <ulink url=\"https://wiki.ubuntu.com/PackagingGuide\">Ubuntu Packaging Guide</ulink>. In this case it is also a good idea to setup a repository for your package so that updates can be conveniently pulled from it. See the <ulink url=\"http://www.debian-administration.org/articles/286\">Debian Administration</ulink> article for a tutorial on this."
4827
3096
msgstr ""
4828
3097
4829
3098
#: serverguide/C/virtualization.xml:1023(para)
4830
msgid ""
4831
"Manually install the application under <filename>/opt</filename> as "
4832
"recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS "
4833
"guidelines</ulink>."
3099
msgid "Manually install the application under <filename>/opt</filename> as recommended by the <ulink url=\"http://www.pathname.com/fhs/\">FHS guidelines</ulink>."
4834
3100
msgstr ""
4835
3101
4836
3102
#: serverguide/C/virtualization.xml:1030(para)
4837
msgid ""
4838
"In our case we'll use <application>Limesurvey</application> as example web "
4839
"application for which we wish to provide a virtual appliance. As noted "
4840
"before, we've made a version of the package available in a PPA (Personal "
4841
"Package Archive)."
3103
msgid "In our case we'll use <application>Limesurvey</application> as example web application for which we wish to provide a virtual appliance. As noted before, we've made a version of the package available in a PPA (Personal Package Archive)."
4842
3104
msgstr ""
4843
3105
4844
3106
#: serverguide/C/virtualization.xml:1037(title)
4850
3112
msgstr ""
4851
3113
4852
3114
#: serverguide/C/virtualization.xml:1042(para)
4853
msgid ""
4854
"As we mentioned earlier, the first time the machine boots we'll need to "
4855
"install <application>openssh-server</application> so that the key generated "
4856
"for it is unique for each machine. To do this, we'll write a script called "
4857
"<filename>boot.sh</filename> as follows:"
3115
msgid "As we mentioned earlier, the first time the machine boots we'll need to install <application>openssh-server</application> so that the key generated for it is unique for each machine. To do this, we'll write a script called <filename>boot.sh</filename> as follows:"
4858
3116
msgstr ""
4859
3117
4860
3118
#: serverguide/C/virtualization.xml:1048(programlisting)
4861
3119
#, no-wrap
4862
msgid ""
4863
"\n"
4864
"# This script will run the first time the virtual machine boots\n"
4865
"# It is ran as root.\n"
4866
"\n"
4867
"apt-get update\n"
4868
"apt-get install -qqy --force-yes openssh-server\n"
3120
msgid "\n# This script will run the first time the virtual machine boots\n# It is ran as root.\n\napt-get update\napt-get install -qqy --force-yes openssh-server\n"
4869
3121
msgstr ""
4870
3122
4871
3123
#: serverguide/C/virtualization.xml:1056(para)
4872
msgid ""
4873
"And we add the <command>--firstboot boot.sh</command> option to our command "
4874
"line."
3124
msgid "And we add the <command>--firstboot boot.sh</command> option to our command line."
4875
3125
msgstr ""
4876
3126
4877
3127
#: serverguide/C/virtualization.xml:1062(title)
4879
3129
msgstr ""
4880
3130
4881
3131
#: serverguide/C/virtualization.xml:1064(para)
4882
msgid ""
4883
"Mysql and Limesurvey needing some user interaction during their setup, we'll "
4884
"set them up the first time a user logs in using a script named login.sh. "
4885
"We'll also use this script to let the user specify:"
3132
msgid "Mysql and Limesurvey needing some user interaction during their setup, we'll set them up the first time a user logs in using a script named login.sh. We'll also use this script to let the user specify:"
4886
3133
msgstr ""
4887
3134
4888
3135
#: serverguide/C/virtualization.xml:1070(para)
4899
3146
4900
3147
#: serverguide/C/virtualization.xml:1078(programlisting)
4901
3148
#, no-wrap
4902
msgid ""
4903
"\n"
4904
"# This script is ran the first time a user logs in\n"
4905
"\n"
4906
"echo \"Your appliance is about to be finished to be set up.\"\n"
4907
"echo \"In order to do it, we'll need to ask you a few questions,\"\n"
4908
"echo \"starting by changing your user password.\"\n"
4909
"\n"
4910
"passwd\n"
4911
"\n"
4912
"#give the opportunity to change the keyboard\n"
4913
"sudo dpkg-reconfigure console-setup\n"
4914
"\n"
4915
"#configure the mysql server root password\n"
4916
"sudo dpkg-reconfigure mysql-server-5.0\n"
4917
"\n"
4918
"#install limesurvey\n"
4919
"sudo apt-get install -qqy --force-yes limesurvey\n"
4920
"\n"
4921
"echo \"Your appliance is now configured. To use it point your\"\n"
4922
"echo \"browser to http://serverip/limesurvey/admin\"\n"
3149
msgid "\n# This script is ran the first time a user logs in\n\necho \"Your appliance is about to be finished to be set up.\"\necho \"In order to do it, we'll need to ask you a few questions,\"\necho \"starting by changing your user password.\"\n\npasswd\n\n#give the opportunity to change the keyboard\nsudo dpkg-reconfigure console-setup\n\n#configure the mysql server root password\nsudo dpkg-reconfigure mysql-server-5.0\n\n#install limesurvey\nsudo apt-get install -qqy --force-yes limesurvey\n\necho \"Your appliance is now configured. To use it point your\"\necho \"browser to http://serverip/limesurvey/admin\"\n"
4923
3150
msgstr ""
4924
3151
4925
3152
#: serverguide/C/virtualization.xml:1100(para)
4926
msgid ""
4927
"And we add the <command>--firstlogin login.sh</command> option to our "
4928
"command line."
3153
msgid "And we add the <command>--firstlogin login.sh</command> option to our command line."
4929
3154
msgstr ""
4930
3155
4931
3156
#: serverguide/C/virtualization.xml:1107(title)
4937
3162
msgstr ""
4938
3163
4939
3164
#: serverguide/C/virtualization.xml:1112(para)
4940
msgid ""
4941
"To have your system be configured to update itself on a regular basis, we "
4942
"will just install <application>unattended-upgrades</application>, so we add "
4943
"the following option to our command line:"
3165
msgid "To have your system be configured to update itself on a regular basis, we will just install <application>unattended-upgrades</application>, so we add the following option to our command line:"
4944
3166
msgstr ""
4945
3167
4946
3168
#: serverguide/C/virtualization.xml:1118(command)
4948
3170
msgstr ""
4949
3171
4950
3172
#: serverguide/C/virtualization.xml:1121(para)
4951
msgid ""
4952
"As we have put our application package in a PPA, the process will update not "
4953
"only the system, but also the application each time we update the version in "
4954
"the PPA."
3173
msgid "As we have put our application package in a PPA, the process will update not only the system, but also the application each time we update the version in the PPA."
4955
3174
msgstr ""
4956
3175
4957
3176
#: serverguide/C/virtualization.xml:1128(title)
4959
3178
msgstr ""
4960
3179
4961
3180
#: serverguide/C/virtualization.xml:1130(para)
4962
msgid ""
4963
"For your virtual machine to be able to handle restart and shutdown events it "
4964
"is being sent, it is a good idea to install the acpid package as well. To do "
4965
"this we just add the following option:"
3181
msgid "For your virtual machine to be able to handle restart and shutdown events it is being sent, it is a good idea to install the acpid package as well. To do this we just add the following option:"
4966
3182
msgstr ""
4967
3183
4968
3184
#: serverguide/C/virtualization.xml:1136(command)
4978
3194
msgstr ""
4979
3195
4980
3196
#: serverguide/C/virtualization.xml:1149(command)
4981
msgid ""
4982
"sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 -o "
4983
"\\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --"
4984
"user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-"
4985
"mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg "
4986
"dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --"
4987
"addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --"
4988
"addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-"
4989
"upgrades --addpkg acpid --ppa nijaba \\ --mirror "
4990
"http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --"
4991
"firstlogin login.sh es"
3197
msgid "sudo vmbuilder kvm ubuntu --suite intrepid --flavour virtual --arch i386 -o \\ --libvirt qemu:///system --ip 192.168.0.100 --part vmbuilder.partition --user user \\ --name user --pass default --addpkg apache2 --addpkg apache2-mpm-prefork \\ --addpkg apache2-utils --addpkg apache2.2-common --addpkg dbconfig-common \\ --addpkg libapache2-mod-php5 --addpkg mysql-client --addpkg php5-cli \\ --addpkg php5-gd --addpkg php5-ldap --addpkg php5-mysql --addpkg wwwconfig-common \\ --addpkg mysql-server --addpkg unattended-upgrades --addpkg acpid --ppa nijaba \\ --mirror http://mirroraddress:9999/ubuntu --tmpfs - --firstboot boot.sh \\ --firstlogin login.sh es"
4992
3198
msgstr ""
4993
3199
4994
3200
#: serverguide/C/virtualization.xml:1164(para)
4995
msgid ""
4996
"If you are interested in learning more, have questions or suggestions, "
4997
"please contact the Ubuntu Server Team at:"
3201
msgid "If you are interested in learning more, have questions or suggestions, please contact the Ubuntu Server Team at:"
4998
3202
msgstr ""
4999
3203
5000
3204
#: serverguide/C/virtualization.xml:1169(para)
5002
3206
msgstr ""
5003
3207
5004
3208
#: serverguide/C/virtualization.xml:1174(para)
5005
msgid ""
5006
"Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-"
5007
"server\">ubuntu-server at lists.ubuntu.com</ulink>"
3209
msgid "Mailing list: <ulink url=\"https://lists.ubuntu.com/mailman/listinfo/ubuntu-server\">ubuntu-server at lists.ubuntu.com</ulink>"
5008
3210
msgstr ""
5009
3211
5010
3212
#: serverguide/C/virtualization.xml:1182(title)
5011
3213
msgid "Eucalyptus"
5012
3214
msgstr ""
5013
3215
5014
#: serverguide/C/virtualization.xml:1185(title) serverguide/C/network-auth.xml:1683(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:879(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
3216
#: serverguide/C/virtualization.xml:1185(title) serverguide/C/network-auth.xml:1813(title) serverguide/C/monitoring.xml:15(title) serverguide/C/lamp-applications.xml:17(title) serverguide/C/installation.xml:881(title) serverguide/C/dns.xml:64(title) serverguide/C/chat.xml:17(title) serverguide/C/backups.xml:541(title)
5015
3217
msgid "Overview"
5016
3218
msgstr ""
5017
3219
5018
3220
#: serverguide/C/virtualization.xml:1187(para)
5019
msgid ""
5020
"<emphasis>Eucalyptus</emphasis> is an open-source software infrastructure "
5021
"for implementing \"cloud computing\" on your own clusters. "
5022
"<emphasis>Eucalyptus</emphasis> allows you to create your own cloud "
5023
"computing environment in order to maximize computing resources and provide a "
5024
"cloud computing environment to your users."
3221
msgid "<emphasis>Eucalyptus</emphasis> is an open-source software infrastructure for implementing \"cloud computing\" on your own clusters. <emphasis>Eucalyptus</emphasis> allows you to create your own cloud computing environment in order to maximize computing resources and provide a cloud computing environment to your users."
5025
3222
msgstr ""
5026
3223
5027
3224
#: serverguide/C/virtualization.xml:1193(para)
5028
msgid ""
5029
"This section will cover setting up a Cloud Computing environment using "
5030
"<application>Eucalyptus</application> with <application>KVM</application>. "
5031
"For more information on KVM see <xref linkend=\"libvirt\"/>."
3225
msgid "This section will cover setting up a Cloud Computing environment using <application>Eucalyptus</application> with <application>KVM</application>. For more information on KVM see <xref linkend=\"libvirt\"/>."
5032
3226
msgstr ""
5033
3227
5034
3228
#: serverguide/C/virtualization.xml:1198(para)
5035
msgid ""
5036
"The Cloud Computing environment will consist of three components, typically "
5037
"installed on at least two separate machines (termed the 'front-end' and "
5038
"'node(s)' for the rest of this document):"
3229
msgid "The Cloud Computing environment will consist of three components, typically installed on at least two separate machines (termed the 'front-end' and 'node(s)' for the rest of this document):"
5039
3230
msgstr ""
5040
3231
5041
3232
#: serverguide/C/virtualization.xml:1205(para)
5042
msgid ""
5043
"<emphasis>One Front-End:</emphasis> hosts one Cloud Controller, a Java based "
5044
"Web configuration interface, and a Cluster Controller, which determines "
5045
"where virtual machines (VMs) will be housed and manages cluster level VM "
5046
"networking."
3233
msgid "<emphasis>One Front-End:</emphasis> hosts one Cloud Controller, a Java based Web configuration interface, and a Cluster Controller, which determines where virtual machines (VMs) will be housed and manages cluster level VM networking."
5047
3234
msgstr ""
5048
3235
5049
3236
#: serverguide/C/virtualization.xml:1211(para)
5050
msgid ""
5051
"<emphasis>One or more Compute Nodes:</emphasis> runs the Node Controller "
5052
"component of Eucalyptus, which allows the machine to be part of the cloud as "
5053
"a host for VMs."
3237
msgid "<emphasis>One or more Compute Nodes:</emphasis> runs the Node Controller component of Eucalyptus, which allows the machine to be part of the cloud as a host for VMs."
5054
3238
msgstr ""
5055
3239
5056
3240
#: serverguide/C/virtualization.xml:1218(para)
5057
msgid ""
5058
"The simple <emphasis>System</emphasis> networking option will be used by "
5059
"default. This network method allows virtual machine instances, to obtain IP "
5060
"addresses from the local LAN, assuming that a DHCP server is properly "
5061
"configured on the LAN to hand out IPs dynamically to VMs that request them. "
5062
"Each node will be configured for bridge networking. For more details see "
5063
"<xref linkend=\"bridging\"/>."
3241
msgid "The simple <emphasis>System</emphasis> networking option will be used by default. This network method allows virtual machine instances, to obtain IP addresses from the local LAN, assuming that a DHCP server is properly configured on the LAN to hand out IPs dynamically to VMs that request them. Each node will be configured for bridge networking. For more details see <xref linkend=\"bridging\"/>."
5064
3242
msgstr ""
5065
3243
5066
3244
#: serverguide/C/virtualization.xml:1228(para)
5067
msgid ""
5068
"First, on the <emphasis>Front-End</emphasis> install the appropriate "
5069
"packages. In a terminal prompt on the Front-End enter:"
3245
msgid "First, on the <emphasis>Front-End</emphasis> install the appropriate packages. In a terminal prompt on the Front-End enter:"
5070
3246
msgstr ""
5071
3247
5072
3248
#: serverguide/C/virtualization.xml:1233(command)
5074
3250
msgstr ""
5075
3251
5076
3252
#: serverguide/C/virtualization.xml:1236(para)
5077
msgid ""
5078
"Next, on the each <emphasis>Compute Node</emphasis> install the node "
5079
"controller package. In a terminal prompt on each Compute Node enter:"
3253
msgid "Next, on the each <emphasis>Compute Node</emphasis> install the node controller package. In a terminal prompt on each Compute Node enter:"
5080
3254
msgstr ""
5081
3255
5082
3256
#: serverguide/C/virtualization.xml:1241(command)
5084
3258
msgstr ""
5085
3259
5086
3260
#: serverguide/C/virtualization.xml:1244(para)
5087
msgid ""
5088
"Once the installation is complete, and it may take a while, in a browser go "
5089
"to <emphasis>https://front-end:8443</emphasis> and login to the "
5090
"administration interface using the default username and password of "
5091
"<emphasis>admin</emphasis>. You will then be prompted to change the "
5092
"password, configure an email address for the admin user, and set the storage "
5093
"URL."
3261
msgid "Once the installation is complete, and it may take a while, in a browser go to <emphasis>https://front-end:8443</emphasis> and login to the administration interface using the default username and password of <emphasis>admin</emphasis>. You will then be prompted to change the password, configure an email address for the admin user, and set the storage URL."
5094
3262
msgstr ""
5095
3263
5096
3264
#: serverguide/C/virtualization.xml:1250(para)
5097
msgid ""
5098
"In the web interface's <emphasis>\"Configuration\"</emphasis> tab, add a "
5099
"cluster under the <emphasis>\"Clusters\"</emphasis> heading (in this "
5100
"configuration, the cluster controller is on the same system as the cloud "
5101
"controller, so entering 'localhost' as the cluster hostname is correct). "
5102
"Once the form is filled out click the <emphasis>\"Add Cluster\"</emphasis> "
5103
"button."
3265
msgid "In the web interface's <emphasis>\"Configuration\"</emphasis> tab, add a cluster under the <emphasis>\"Clusters\"</emphasis> heading (in this configuration, the cluster controller is on the same system as the cloud controller, so entering 'localhost' as the cluster hostname is correct). Once the form is filled out click the <emphasis>\"Add Cluster\"</emphasis> button."
5104
3266
msgstr ""
5105
3267
5106
3268
#: serverguide/C/virtualization.xml:1256(para)
5107
msgid ""
5108
"Now, back on the <emphasis>Front-End</emphasis>, add the nodes to the "
5109
"cluster:"
3269
msgid "Now, back on the <emphasis>Front-End</emphasis>, add the nodes to the cluster:"
5110
3270
msgstr ""
5111
3271
5112
3272
#: serverguide/C/virtualization.xml:1261(command)
5114
3274
msgstr ""
5115
3275
5116
3276
#: serverguide/C/virtualization.xml:1264(para)
5117
msgid ""
5118
"You will then be prompted to log into your Node, install the "
5119
"<application>eucalyptus-nc</application> package, and add the "
5120
"<emphasis>eucalyptus</emphasis> user's ssh key to the node's "
5121
"<filename>authorized_keys</filename> file, and confirm authenticity of the "
5122
"host's OpenSSH RSA key fingerprint. Finally, the command will complete by "
5123
"synchronizing the eucalyptus component keys and node registration is "
5124
"complete."
3277
msgid "You will then be prompted to log into your Node, install the <application>eucalyptus-nc</application> package, and add the <emphasis>eucalyptus</emphasis> user's ssh key to the node's <filename>authorized_keys</filename> file, and confirm authenticity of the host's OpenSSH RSA key fingerprint. Finally, the command will complete by synchronizing the eucalyptus component keys and node registration is complete."
5125
3278
msgstr ""
5126
3279
5127
3280
#: serverguide/C/virtualization.xml:1270(para)
5128
msgid ""
5129
"On the Node, the <filename>/etc/eucalyptus/eucalyptus.conf</filename> "
5130
"configuration file will need editing to use your node's bridge interface "
5131
"(assuming here that the interface is named <emphasis>'br0'</emphasis>):"
3281
msgid "On the Node, the <filename>/etc/eucalyptus/eucalyptus.conf</filename> configuration file will need editing to use your node's bridge interface (assuming here that the interface is named <emphasis>'br0'</emphasis>):"
5132
3282
msgstr ""
5133
3283
5134
3284
#: serverguide/C/virtualization.xml:1275(programlisting)
5135
3285
#, no-wrap
5136
msgid ""
5137
"\n"
5138
"VNET_INTERFACE=\"br0\"\n"
5139
"...\n"
5140
"VNET_BRIDGE=\"br0\"\n"
3286
msgid "\nVNET_INTERFACE=\"br0\"\n...\nVNET_BRIDGE=\"br0\"\n"
5141
3287
msgstr ""
5142
3288
5143
3289
#: serverguide/C/virtualization.xml:1281(para)
5149
3295
msgstr ""
5150
3296
5151
3297
#: serverguide/C/virtualization.xml:1291(para)
5152
msgid ""
5153
"Be sure to replace <emphasis>nodecontroller</emphasis>, "
5154
"<emphasis>node01</emphasis>, and <emphasis>node02</emphasis> with actual "
5155
"hostnames."
3298
msgid "Be sure to replace <emphasis>nodecontroller</emphasis>, <emphasis>node01</emphasis>, and <emphasis>node02</emphasis> with actual hostnames."
5156
3299
msgstr ""
5157
3300
5158
3301
#: serverguide/C/virtualization.xml:1297(para)
5159
msgid ""
5160
"<application>Eucalyptus</application> is now ready to host images on the "
5161
"cloud."
3302
msgid "<application>Eucalyptus</application> is now ready to host images on the cloud."
5162
3303
msgstr ""
5163
3304
5164
3305
#: serverguide/C/virtualization.xml:1307(para)
5165
msgid ""
5166
"See the <ulink url=\"http://eucalyptus.cs.ucsb.edu/\">Eucalyptus "
5167
"website</ulink> for more information."
3306
msgid "See the <ulink url=\"http://eucalyptus.cs.ucsb.edu/\">Eucalyptus website</ulink> for more information."
5168
3307
msgstr ""
5169
3308
5170
3309
#: serverguide/C/virtualization.xml:1312(para)
5171
msgid ""
5172
"For information on loading instances see the <ulink "
5173
"url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> "
5174
"page."
3310
msgid "For information on loading instances see the <ulink url=\"https://help.ubuntu.com/community/Eucalyptus\">Eucalyptus Wiki</ulink> page."
5175
3311
msgstr ""
5176
3312
5177
3313
#: serverguide/C/virtualization.xml:1317(para)
5178
msgid ""
5179
"You can also find help in the <emphasis>#ubuntu-virt</emphasis>, "
5180
"<emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> "
5181
"IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
3314
msgid "You can also find help in the <emphasis>#ubuntu-virt</emphasis>, <emphasis>#eucalyptus</emphasis>, and <emphasis>#ubuntu-server</emphasis> IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
5182
3315
msgstr ""
5183
3316
5184
3317
#: serverguide/C/virtualization.xml:1327(title)
5186
3319
msgstr ""
5187
3320
5188
3321
#: serverguide/C/virtualization.xml:1329(para)
5189
msgid ""
5190
"<application>OpenNebula</application> allows virtual machines to be placed "
5191
"and re-placed dynamically on a pool of physical resources. This allows a "
5192
"virtual machine to be hosted from any location available."
3322
msgid "<application>OpenNebula</application> allows virtual machines to be placed and re-placed dynamically on a pool of physical resources. This allows a virtual machine to be hosted from any location available."
5193
3323
msgstr ""
5194
3324
5195
3325
#: serverguide/C/virtualization.xml:1334(para)
5196
msgid ""
5197
"This section will detail configuring an OpenNebula cluster using three "
5198
"machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute "
5199
"Nodes</emphasis> used to run the virtual machines. The Compute Nodes will "
5200
"also need a bridge configured to allow the virtual machines access to the "
5201
"local network. For details see <xref linkend=\"bridging\"/>."
3326
msgid "This section will detail configuring an OpenNebula cluster using three machines: one <emphasis>Front-End</emphasis> host, and two <emphasis>Compute Nodes</emphasis> used to run the virtual machines. The Compute Nodes will also need a bridge configured to allow the virtual machines access to the local network. For details see <xref linkend=\"bridging\"/>."
5202
3327
msgstr ""
5203
3328
5204
3329
#: serverguide/C/virtualization.xml:1343(para)
5218
3343
msgstr ""
5219
3344
5220
3345
#: serverguide/C/virtualization.xml:1359(para)
5221
msgid ""
5222
"In order to copy SSH keys, the <emphasis>oneadmin</emphasis> user will need "
5223
"to have a password. On each machine execute:"
3346
msgid "In order to copy SSH keys, the <emphasis>oneadmin</emphasis> user will need to have a password. On each machine execute:"
5224
3347
msgstr ""
5225
3348
5226
3349
#: serverguide/C/virtualization.xml:1364(command)
5228
3351
msgstr ""
5229
3352
5230
3353
#: serverguide/C/virtualization.xml:1367(para)
5231
msgid ""
5232
"Next, copy the <emphasis>oneadmin</emphasis> user's SSH key to the Compute "
5233
"Nodes, and to the Front-End's <filename>authorized_keys</filename> file:"
3354
msgid "Next, copy the <emphasis>oneadmin</emphasis> user's SSH key to the Compute Nodes, and to the Front-End's <filename>authorized_keys</filename> file:"
5234
3355
msgstr ""
5235
3356
5236
3357
#: serverguide/C/virtualization.xml:1372(command)
5237
msgid ""
5238
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
5239
"oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
3358
msgid "sudo scp /var/lib/one/.ssh/id_rsa.pub oneadmin@node01:/var/lib/one/.ssh/authorized_keys"
5240
3359
msgstr ""
5241
3360
5242
3361
#: serverguide/C/virtualization.xml:1373(command)
5243
msgid ""
5244
"sudo scp /var/lib/one/.ssh/id_rsa.pub "
5245
"oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
3362
msgid "sudo scp /var/lib/one/.ssh/id_rsa.pub oneadmin@node02:/var/lib/one/.ssh/authorized_keys"
5246
3363
msgstr ""
5247
3364
5248
3365
#: serverguide/C/virtualization.xml:1374(command)
5249
msgid ""
5250
"sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> "
5251
"/var/lib/one/.ssh/authorized_keys\""
3366
msgid "sudo sh -c \"cat /var/lib/one/.ssh/id_rsa.pub >> /var/lib/one/.ssh/authorized_keys\""
5252
3367
msgstr ""
5253
3368
5254
3369
#: serverguide/C/virtualization.xml:1377(para)
5255
msgid ""
5256
"The SSH key for the Compute Nodes needs to be added to the "
5257
"<filename>/etc/ssh/ssh_known_hosts</filename> file on the Front-End host. To "
5258
"accomplish this <application>ssh</application> to each Compute Node as a "
5259
"user other than <emphasis>oneadmin</emphasis>. Then exit from the SSH "
5260
"session, and execute the following to copy the SSH key from "
5261
"<filename>~/.ssh/known_hosts</filename> to "
5262
"<filename>/etc/ssh/ssh_known_hosts</filename>:"
3370
msgid "The SSH key for the Compute Nodes needs to be added to the <filename>/etc/ssh/ssh_known_hosts</filename> file on the Front-End host. To accomplish this <application>ssh</application> to each Compute Node as a user other than <emphasis>oneadmin</emphasis>. Then exit from the SSH session, and execute the following to copy the SSH key from <filename>~/.ssh/known_hosts</filename> to <filename>/etc/ssh/ssh_known_hosts</filename>:"
5263
3371
msgstr ""
5264
3372
5265
3373
#: serverguide/C/virtualization.xml:1384(command)
5266
msgid ""
5267
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> "
5268
"/etc/ssh/ssh_known_hosts\""
3374
msgid "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node01 1>> /etc/ssh/ssh_known_hosts\""
5269
3375
msgstr ""
5270
3376
5271
3377
#: serverguide/C/virtualization.xml:1385(command)
5272
msgid ""
5273
"sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> "
5274
"/etc/ssh/ssh_known_hosts\""
3378
msgid "sudo sh -c \"ssh-keygen -f .ssh/known_hosts -F node02 1>> /etc/ssh/ssh_known_hosts\""
5275
3379
msgstr ""
5276
3380
5277
3381
#: serverguide/C/virtualization.xml:1389(para)
5278
msgid ""
5279
"Replace <emphasis>node01</emphasis> and <emphasis>node02</emphasis> with the "
5280
"appropriate host names."
3382
msgid "Replace <emphasis>node01</emphasis> and <emphasis>node02</emphasis> with the appropriate host names."
5281
3383
msgstr ""
5282
3384
5283
3385
#: serverguide/C/virtualization.xml:1394(para)
5284
msgid ""
5285
"This allows the <emphasis>oneadmin</emphasis> to use "
5286
"<application>scp</application>, without a password or manual intervention, "
5287
"to deploy an image to the Compute Nodes."
3386
msgid "This allows the <emphasis>oneadmin</emphasis> to use <application>scp</application>, without a password or manual intervention, to deploy an image to the Compute Nodes."
5288
3387
msgstr ""
5289
3388
5290
3389
#: serverguide/C/virtualization.xml:1399(para)
5291
msgid ""
5292
"On the Front-End create a directory to store the VM images, giving the "
5293
"<emphasis>oneadmin</emphasis> user access to the directory:"
3390
msgid "On the Front-End create a directory to store the VM images, giving the <emphasis>oneadmin</emphasis> user access to the directory:"
5294
3391
msgstr ""
5295
3392
5296
3393
#: serverguide/C/virtualization.xml:1404(command)
5302
3399
msgstr ""
5303
3400
5304
3401
#: serverguide/C/virtualization.xml:1408(para)
5305
msgid ""
5306
"Finally, copy a virtual machine disk file into "
5307
"<filename>/var/lib/one/images</filename>. You can create an Ubuntu virtual "
5308
"machine using <application>vmbuilder</application>, see <xref linkend=\"jeos-"
5309
"and-vmbuilder\"/> for details."
3402
msgid "Finally, copy a virtual machine disk file into <filename>/var/lib/one/images</filename>. You can create an Ubuntu virtual machine using <application>vmbuilder</application>, see <xref linkend=\"jeos-and-vmbuilder\"/> for details."
5310
3403
msgstr ""
5311
3404
5312
3405
#: serverguide/C/virtualization.xml:1417(para)
5313
msgid ""
5314
"The <emphasis>OpenNebula Cluster</emphasis> is now ready to be configured, "
5315
"and virtual machines added to the cluster."
3406
msgid "The <emphasis>OpenNebula Cluster</emphasis> is now ready to be configured, and virtual machines added to the cluster."
5316
3407
msgstr ""
5317
3408
5318
3409
#: serverguide/C/virtualization.xml:1421(para)
5328
3419
msgstr ""
5329
3420
5330
3421
#: serverguide/C/virtualization.xml:1430(para)
5331
msgid ""
5332
"Next, create a <emphasis>Virtual Network</emphasis> template file named "
5333
"<filename>vnet01.template</filename>:"
3422
msgid "Next, create a <emphasis>Virtual Network</emphasis> template file named <filename>vnet01.template</filename>:"
5334
3423
msgstr ""
5335
3424
5336
3425
#: serverguide/C/virtualization.xml:1434(programlisting)
5337
3426
#, no-wrap
5338
msgid ""
5339
"\n"
5340
"NAME = \"LAN\"\n"
5341
"TYPE = RANGED\n"
5342
"BRIDGE = br0\n"
5343
"NETWORK_SIZE = C\n"
5344
"NETWORK_ADDRESS = 192.168.0.0\n"
3427
msgid "\nNAME = \"LAN\"\nTYPE = RANGED\nBRIDGE = br0\nNETWORK_SIZE = C\nNETWORK_ADDRESS = 192.168.0.0\n"
5345
3428
msgstr ""
5346
3429
5347
3430
#: serverguide/C/virtualization.xml:1443(para)
5348
msgid ""
5349
"Be sure to change <emphasis>192.168.0.0</emphasis> to your local network."
3431
msgid "Be sure to change <emphasis>192.168.0.0</emphasis> to your local network."
5350
3432
msgstr ""
5351
3433
5352
3434
#: serverguide/C/virtualization.xml:1448(para)
5353
msgid ""
5354
"Using the <application>onevnet</application> utility, add the virtual "
5355
"network to OpenNebula:"
3435
msgid "Using the <application>onevnet</application> utility, add the virtual network to OpenNebula:"
5356
3436
msgstr ""
5357
3437
5358
3438
#: serverguide/C/virtualization.xml:1453(command)
5360
3440
msgstr ""
5361
3441
5362
3442
#: serverguide/C/virtualization.xml:1456(para)
5363
msgid ""
5364
"Now create a <emphasis>VM Template</emphasis> file named "
5365
"<filename>vm01.template</filename>:"
3443
msgid "Now create a <emphasis>VM Template</emphasis> file named <filename>vm01.template</filename>:"
5366
3444
msgstr ""
5367
3445
5368
3446
#: serverguide/C/virtualization.xml:1460(programlisting)
5369
3447
#, no-wrap
5370
msgid ""
5371
"\n"
5372
"NAME = vm01\n"
5373
"CPU = 0.5\n"
5374
"MEMORY = 512\n"
5375
"\n"
5376
"OS = [ BOOT = hd ]\n"
5377
"\n"
5378
"DISK = [\n"
5379
" source = \"/var/lib/one/images/vm01.qcow2\",\n"
5380
" target = \"hda\",\n"
5381
" readonly = \"no\" ]\n"
5382
"\n"
5383
"NIC = [ NETWORK=\"LAN\" ]\n"
5384
"\n"
5385
"GRAPHICS = [type=\"vnc\",listen=\"127.0.0.1\",port=\"-1\"]\n"
3448
msgid "\nNAME = vm01\nCPU = 0.5\nMEMORY = 512\n\nOS = [ BOOT = hd ]\n\nDISK = [\n source = \"/var/lib/one/images/vm01.qcow2\",\n target = \"hda\",\n readonly = \"no\" ]\n\nNIC = [ NETWORK=\"LAN\" ]\n\nGRAPHICS = [type=\"vnc\",listen=\"127.0.0.1\",port=\"-1\"]\n"
5386
3449
msgstr ""
5387
3450
5388
3451
#: serverguide/C/virtualization.xml:1477(para)
5394
3457
msgstr ""
5395
3458
5396
3459
#: serverguide/C/virtualization.xml:1485(para)
5397
msgid ""
5398
"Use the <application>onevm list</application> option to view information "
5399
"about virtual machines. Also, the <application>onevm show vm01</application> "
5400
"option will display more details about a specific virtual machine."
3460
msgid "Use the <application>onevm list</application> option to view information about virtual machines. Also, the <application>onevm show vm01</application> option will display more details about a specific virtual machine."
5401
3461
msgstr ""
5402
3462
5403
3463
#: serverguide/C/virtualization.xml:1496(para)
5404
msgid ""
5405
"See the <ulink "
5406
"url=\"http://www.opennebula.org/doku.php?id=start\">OpenNebula website</ulink"
5407
"> for more information."
3464
msgid "See the <ulink url=\"http://www.opennebula.org/doku.php?id=start\">OpenNebula website</ulink> for more information."
5408
3465
msgstr ""
5409
3466
5410
3467
#: serverguide/C/virtualization.xml:1501(para)
5411
msgid ""
5412
"You can also find help in the <emphasis>#ubuntu-virt</emphasis> and "
5413
"<emphasis>#ubuntu-server</emphasis> IRC channels on <ulink "
5414
"url=\"http://freenode.net\">Freenode</ulink>."
3468
msgid "You can also find help in the <emphasis>#ubuntu-virt</emphasis> and <emphasis>#ubuntu-server</emphasis> IRC channels on <ulink url=\"http://freenode.net\">Freenode</ulink>."
5415
3469
msgstr ""
5416
3470
5417
3471
#: serverguide/C/vcs.xml:13(title)
5419
3473
msgstr ""
5420
3474
5421
3475
#: serverguide/C/vcs.xml:14(para)
5422
msgid ""
5423
"Version control is the art of managing changes to information. It has long "
5424
"been a critical tool for programmers, who typically spend their time making "
5425
"small changes to software and then undoing those changes the next day. But "
5426
"the usefulness of version control software extends far beyond the bounds of "
5427
"the software development world. Anywhere you can find people using computers "
5428
"to manage information that changes often, there is room for version control."
3476
msgid "Version control is the art of managing changes to information. It has long been a critical tool for programmers, who typically spend their time making small changes to software and then undoing those changes the next day. But the usefulness of version control software extends far beyond the bounds of the software development world. Anywhere you can find people using computers to manage information that changes often, there is room for version control."
5429
3477
msgstr ""
5430
3478
5431
3479
#: serverguide/C/vcs.xml:17(title)
5433
3481
msgstr ""
5434
3482
5435
3483
#: serverguide/C/vcs.xml:18(para)
5436
msgid ""
5437
"Bazaar is a new version control system sponsored by Canonical, the "
5438
"commercial company behind Ubuntu. Unlike Subversion and CVS that only "
5439
"support a central repository model, Bazaar also supports "
5440
"<emphasis>distributed version control</emphasis>, giving people the ability "
5441
"to collaborate more efficiently. In particular, Bazaar is designed to "
5442
"maximize the level of community participation in open source projects."
3484
msgid "Bazaar is a new version control system sponsored by Canonical, the commercial company behind Ubuntu. Unlike Subversion and CVS that only support a central repository model, Bazaar also supports <emphasis>distributed version control</emphasis>, giving people the ability to collaborate more efficiently. In particular, Bazaar is designed to maximize the level of community participation in open source projects."
5443
3485
msgstr ""
5444
3486
5445
3487
#: serverguide/C/vcs.xml:29(para)
5446
msgid ""
5447
"At a terminal prompt, enter the following command to install "
5448
"<application>bzr</application>: <screen>\n"
5449
"<command>sudo apt-get install bzr</command>\n"
5450
"</screen>"
3488
msgid "At a terminal prompt, enter the following command to install <application>bzr</application>: <screen>\n<command>sudo apt-get install bzr</command>\n</screen>"
5451
3489
msgstr ""
5452
3490
5453
3491
#: serverguide/C/vcs.xml:40(para)
5454
msgid ""
5455
"To introduce yourself to <application>bzr</application>, use the "
5456
"<emphasis>whoami</emphasis> command like this: <screen>\n"
5457
"<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n"
5458
"</screen>"
3492
msgid "To introduce yourself to <application>bzr</application>, use the <emphasis>whoami</emphasis> command like this: <screen>\n<command>$ bzr whoami 'Joe Doe <joe.doe@gmail.com>'</command>\n</screen>"
5459
3493
msgstr ""
5460
3494
5461
3495
#: serverguide/C/vcs.xml:49(title)
5463
3497
msgstr ""
5464
3498
5465
3499
#: serverguide/C/vcs.xml:50(para)
5466
msgid ""
5467
"Bazaar comes with bundled documentation installed into "
5468
"<application>/usr/share/doc/bzr/html</application> by default. The tutorial "
5469
"is a good place to start. The <application>bzr</application> command also "
5470
"comes with built-in help: <screen>\n"
5471
"<command>$ bzr help</command>\n"
5472
"</screen>"
3500
msgid "Bazaar comes with bundled documentation installed into <application>/usr/share/doc/bzr/html</application> by default. The tutorial is a good place to start. The <application>bzr</application> command also comes with built-in help: <screen>\n<command>$ bzr help</command>\n</screen>"
5473
3501
msgstr ""
5474
3502
5475
3503
#: serverguide/C/vcs.xml:60(para)
5476
msgid ""
5477
"To learn more about the <emphasis>foo</emphasis> command: <screen>\n"
5478
"<command>$ bzr help foo</command>\n"
5479
"</screen>"
3504
msgid "To learn more about the <emphasis>foo</emphasis> command: <screen>\n<command>$ bzr help foo</command>\n</screen>"
5480
3505
msgstr ""
5481
3506
5482
3507
#: serverguide/C/vcs.xml:68(title)
5484
3509
msgstr ""
5485
3510
5486
3511
#: serverguide/C/vcs.xml:69(para)
5487
msgid ""
5488
"While highly useful as a stand-alone system, Bazaar has good, optional "
5489
"integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, "
5490
"the collaborative development system used by Canonical and the broader open "
5491
"source community to manage and extend Ubuntu itself. For information on how "
5492
"Bazaar can be used with Launchpad to collaborate on open source projects, "
5493
"see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> "
5494
"http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
3512
msgid "While highly useful as a stand-alone system, Bazaar has good, optional integration with <ulink url=\"https://launchpad.net/\">Launchpad</ulink>, the collaborative development system used by Canonical and the broader open source community to manage and extend Ubuntu itself. For information on how Bazaar can be used with Launchpad to collaborate on open source projects, see <ulink url=\"http://bazaar-vcs.org/LaunchpadIntegration/\"> http://bazaar-vcs.org/LaunchpadIntegration</ulink>."
5495
3513
msgstr ""
5496
3514
5497
3515
#: serverguide/C/vcs.xml:81(title)
5499
3517
msgstr ""
5500
3518
5501
3519
#: serverguide/C/vcs.xml:82(para)
5502
msgid ""
5503
"Subversion is an open source version control system. Using Subversion, you "
5504
"can record the history of source files and documents. It manages files and "
5505
"directories over time. A tree of files is placed into a central repository. "
5506
"The repository is much like an ordinary file server, except that it "
5507
"remembers every change ever made to files and directories."
3520
msgid "Subversion is an open source version control system. Using Subversion, you can record the history of source files and documents. It manages files and directories over time. A tree of files is placed into a central repository. The repository is much like an ordinary file server, except that it remembers every change ever made to files and directories."
5508
3521
msgstr ""
5509
3522
5510
3523
#: serverguide/C/vcs.xml:87(para)
5511
msgid ""
5512
"To access Subversion repository using the HTTP protocol, you must install "
5513
"and configure a web server. Apache2 is proven to work with Subversion. "
5514
"Please refer to the HTTP subsection in the Apache2 section to install and "
5515
"configure Apache2. To access the Subversion repository using the HTTPS "
5516
"protocol, you must install and configure a digital certificate in your "
5517
"Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 "
5518
"section to install and configure the digital certificate."
3524
msgid "To access Subversion repository using the HTTP protocol, you must install and configure a web server. Apache2 is proven to work with Subversion. Please refer to the HTTP subsection in the Apache2 section to install and configure Apache2. To access the Subversion repository using the HTTPS protocol, you must install and configure a digital certificate in your Apache 2 web server. Please refer to the HTTPS subsection in the Apache2 section to install and configure the digital certificate."
5519
3525
msgstr ""
5520
3526
5521
3527
#: serverguide/C/vcs.xml:96(para)
5522
msgid ""
5523
"To install Subversion, run the following command from a terminal prompt:"
3528
msgid "To install Subversion, run the following command from a terminal prompt:"
5524
3529
msgstr ""
5525
3530
5526
3531
#: serverguide/C/vcs.xml:101(command)
5528
3533
msgstr ""
5529
3534
5530
3535
#: serverguide/C/vcs.xml:108(para)
5531
msgid ""
5532
"This step assumes you have installed above mentioned packages on your "
5533
"system. This section explains how to create a Subversion repository and "
5534
"access the project."
3536
msgid "This step assumes you have installed above mentioned packages on your system. This section explains how to create a Subversion repository and access the project."
5535
3537
msgstr ""
5536
3538
5537
3539
#: serverguide/C/vcs.xml:111(title)
5539
3541
msgstr ""
5540
3542
5541
3543
#: serverguide/C/vcs.xml:112(para)
5542
msgid ""
5543
"The Subversion repository can be created using the following command from a "
5544
"terminal prompt:"
3544
msgid "The Subversion repository can be created using the following command from a terminal prompt:"
5545
3545
msgstr ""
5546
3546
5547
3547
#: serverguide/C/vcs.xml:116(command)
5553
3553
msgstr ""
5554
3554
5555
3555
#: serverguide/C/vcs.xml:122(para)
5556
msgid ""
5557
"Once you create the repository you can <emphasis>import</emphasis> files "
5558
"into the repository. To import a directory, enter the following from a "
5559
"terminal prompt: <screen>\n"
5560
"<command>svn import /path/to/import/directory "
5561
"file:///path/to/repos/project</command>\n"
5562
"</screen>"
3556
msgid "Once you create the repository you can <emphasis>import</emphasis> files into the repository. To import a directory, enter the following from a terminal prompt: <screen>\n<command>svn import /path/to/import/directory file:///path/to/repos/project</command>\n</screen>"
5563
3557
msgstr ""
5564
3558
5565
3559
#: serverguide/C/vcs.xml:134(title) serverguide/C/vcs.xml:139(title)
5567
3561
msgstr ""
5568
3562
5569
3563
#: serverguide/C/vcs.xml:135(para)
5570
msgid ""
5571
"Subversion repositories can be accessed (checked out) through many different "
5572
"methods --on local disk, or through various network protocols. A repository "
5573
"location, however, is always a URL. The table describes how different URL "
5574
"schemes map to the available access methods."
3564
msgid "Subversion repositories can be accessed (checked out) through many different methods --on local disk, or through various network protocols. A repository location, however, is always a URL. The table describes how different URL schemes map to the available access methods."
5575
3565
msgstr ""
5576
3566
5577
3567
#: serverguide/C/vcs.xml:146(para)
5623
3613
msgstr ""
5624
3614
5625
3615
#: serverguide/C/vcs.xml:175(para)
5626
msgid ""
5627
"In this section, we will see how to configure Subversion for all these "
5628
"access methods. Here, we cover the basics. For more advanced usage details, "
5629
"refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
3616
msgid "In this section, we will see how to configure Subversion for all these access methods. Here, we cover the basics. For more advanced usage details, refer to the <ulink url=\"http://svnbook.red-bean.com/\">svn book</ulink>."
5630
3617
msgstr ""
5631
3618
5632
3619
#: serverguide/C/vcs.xml:182(title)
5634
3621
msgstr ""
5635
3622
5636
3623
#: serverguide/C/vcs.xml:183(para)
5637
msgid ""
5638
"This is the simplest of all access methods. It does not require any "
5639
"Subversion server process to be running. This access method is used to "
5640
"access Subversion from the same machine. The syntax of the command, entered "
5641
"at a terminal prompt, is as follows:"
3624
msgid "This is the simplest of all access methods. It does not require any Subversion server process to be running. This access method is used to access Subversion from the same machine. The syntax of the command, entered at a terminal prompt, is as follows:"
5642
3625
msgstr ""
5643
3626
5644
3627
#: serverguide/C/vcs.xml:190(command)
5654
3637
msgstr ""
5655
3638
5656
3639
#: serverguide/C/vcs.xml:200(para)
5657
msgid ""
5658
"If you do not specify the hostname, there are three forward slashes (///) -- "
5659
"two for the protocol (file, in this case) plus the leading slash in the "
5660
"path. If you specify the hostname, you must use two forward slashes (//)."
3640
msgid "If you do not specify the hostname, there are three forward slashes (///) -- two for the protocol (file, in this case) plus the leading slash in the path. If you specify the hostname, you must use two forward slashes (//)."
5661
3641
msgstr ""
5662
3642
5663
3643
#: serverguide/C/vcs.xml:202(para)
5664
msgid ""
5665
"The repository permissions depend on filesystem permissions. If the user has "
5666
"read/write permission, he can checkout from and commit to the repository."
3644
msgid "The repository permissions depend on filesystem permissions. If the user has read/write permission, he can checkout from and commit to the repository."
5667
3645
msgstr ""
5668
3646
5669
3647
#: serverguide/C/vcs.xml:205(title)
5671
3649
msgstr ""
5672
3650
5673
3651
#: serverguide/C/vcs.xml:206(para)
5674
msgid ""
5675
"To access the Subversion repository via WebDAV protocol, you must configure "
5676
"your Apache 2 web server. You must add the following snippet in your "
5677
"<filename>/etc/apache2/apache2.conf</filename> file:"
3652
msgid "To access the Subversion repository via WebDAV protocol, you must configure your Apache 2 web server. You must add the following snippet in your <filename>/etc/apache2/apache2.conf</filename> file:"
5678
3653
msgstr ""
5679
3654
5680
3655
#: serverguide/C/vcs.xml:208(programlisting)
5681
3656
#, no-wrap
5682
msgid ""
5683
"\n"
5684
" <Location /svn>\n"
5685
" DAV svn\n"
5686
" SVNParentPath /home/svn\n"
5687
" AuthType Basic\n"
5688
" AuthName \"Your repository name\"\n"
5689
" AuthUserFile /etc/subversion/passwd\n"
5690
" Require valid-user\n"
5691
" </Location> \n"
3657
msgid "\n <Location /svn>\n DAV svn\n SVNParentPath /home/svn\n AuthType Basic\n AuthName \"Your repository name\"\n AuthUserFile /etc/subversion/passwd\n Require valid-user\n </Location> \n"
5692
3658
msgstr ""
5693
3659
5694
3660
#: serverguide/C/vcs.xml:219(para)
5695
msgid ""
5696
"The above configuration snippet assumes that Subversion repositories are "
5697
"created under <filename>/home/svn/</filename> directory using "
5698
"<command>svnadmin</command> command. They can be accessible using "
5699
"<command>htpp://hostname/svn/repos_name</command> url."
3661
msgid "The above configuration snippet assumes that Subversion repositories are created under <filename>/home/svn/</filename> directory using <command>svnadmin</command> command. They can be accessible using <command>http://hostname/svn/repos_name</command> url."
5700
3662
msgstr ""
5701
3663
5702
3664
#: serverguide/C/vcs.xml:225(para)
5703
msgid ""
5704
"To import or commit files to your Subversion repository over HTTP, the "
5705
"repository should be owned by the HTTP user. In Ubuntu systems, normally the "
5706
"HTTP user is <command>www-data</command>. To change the ownership of the "
5707
"repository files enter the following command from terminal prompt:"
3665
msgid "To import or commit files to your Subversion repository over HTTP, the repository should be owned by the HTTP user. In Ubuntu systems, normally the HTTP user is <command>www-data</command>. To change the ownership of the repository files enter the following command from terminal prompt:"
5708
3666
msgstr ""
5709
3667
5710
3668
#: serverguide/C/vcs.xml:234(command)
5712
3670
msgstr ""
5713
3671
5714
3672
#: serverguide/C/vcs.xml:237(para)
5715
msgid ""
5716
"By changing the ownership of repository as <command>www-data</command> you "
5717
"will not be able to import or commit files into the repository by running "
5718
"<command>svn import file:///</command> command as any user other than "
5719
"<command>www-data</command>."
3673
msgid "By changing the ownership of repository as <command>www-data</command> you will not be able to import or commit files into the repository by running <command>svn import file:///</command> command as any user other than <command>www-data</command>."
5720
3674
msgstr ""
5721
3675
5722
3676
#: serverguide/C/vcs.xml:246(para)
5723
msgid ""
5724
"Next, you must create the <filename>/etc/subversion/passwd</filename> file "
5725
"that will contain user authentication details. To create a file issue the "
5726
"following command at a command prompt (which will create the file and add "
5727
"the first user):"
3677
msgid "Next, you must create the <filename>/etc/subversion/passwd</filename> file that will contain user authentication details. To create a file issue the following command at a command prompt (which will create the file and add the first user):"
5728
3678
msgstr ""
5729
3679
5730
3680
#: serverguide/C/vcs.xml:252(command)
5732
3682
msgstr ""
5733
3683
5734
3684
#: serverguide/C/vcs.xml:255(para)
5735
msgid ""
5736
"To add additional users omit the <emphasis>\"-c\"</emphasis> option as this "
5737
"option replaces the old file. Instead use this form:"
3685
msgid "To add additional users omit the <emphasis>\"-c\"</emphasis> option as this option replaces the old file. Instead use this form:"
5738
3686
msgstr ""
5739
3687
5740
3688
#: serverguide/C/vcs.xml:260(command)
5742
3690
msgstr ""
5743
3691
5744
3692
#: serverguide/C/vcs.xml:264(para)
5745
msgid ""
5746
"This command will prompt you to enter the password. Once you enter the "
5747
"password, the user is added. Now, to access the repository you can run the "
5748
"following command:"
3693
msgid "This command will prompt you to enter the password. Once you enter the password, the user is added. Now, to access the repository you can run the following command:"
5749
3694
msgstr ""
5750
3695
5751
3696
#: serverguide/C/vcs.xml:265(command)
5753
3698
msgstr ""
5754
3699
5755
3700
#: serverguide/C/vcs.xml:267(para)
5756
msgid ""
5757
"The password is transmitted as plain text. If you are worried about password "
5758
"snooping, you are advised to use SSL encryption. For details, please refer "
5759
"next section."
3701
msgid "The password is transmitted as plain text. If you are worried about password snooping, you are advised to use SSL encryption. For details, please refer next section."
5760
3702
msgstr ""
5761
3703
5762
3704
#: serverguide/C/vcs.xml:273(title)
5764
3706
msgstr ""
5765
3707
5766
3708
#: serverguide/C/vcs.xml:274(para)
5767
msgid ""
5768
"Accessing Subversion repository via WebDAV protocol with SSL encryption "
5769
"(https://) is similar to http:// except that you must install and configure "
5770
"the digital certificate in your Apache2 web server. To use SSL with "
5771
"Subversion add the above Apache2 configuration to "
5772
"<filename>/etc/apache2/sites-available/default-ssl</filename>. For more "
5773
"information on setting up Apache2 with SSL see <xref linkend=\"https-"
5774
"configuration\"/>."
3709
msgid "Accessing Subversion repository via WebDAV protocol with SSL encryption (https://) is similar to http:// except that you must install and configure the digital certificate in your Apache2 web server. To use SSL with Subversion add the above Apache2 configuration to <filename>/etc/apache2/sites-available/default-ssl</filename>. For more information on setting up Apache2 with SSL see <xref linkend=\"https-configuration\"/>."
5775
3710
msgstr ""
5776
3711
5777
3712
#: serverguide/C/vcs.xml:283(para)
5778
msgid ""
5779
"You can install a digital certificate issued by a signing authority. "
5780
"Alternatively, you can install your own self-signed certificate."
3713
msgid "You can install a digital certificate issued by a signing authority. Alternatively, you can install your own self-signed certificate."
5781
3714
msgstr ""
5782
3715
5783
3716
#: serverguide/C/vcs.xml:288(para)
5784
msgid ""
5785
"This step assumes you have installed and configured a digital certificate in "
5786
"your Apache 2 web server. Now, to access the Subversion repository, please "
5787
"refer to the above section! The access methods are exactly the same, except "
5788
"the protocol. You must use https:// to access the Subversion repository."
3717
msgid "This step assumes you have installed and configured a digital certificate in your Apache 2 web server. Now, to access the Subversion repository, please refer to the above section! The access methods are exactly the same, except the protocol. You must use https:// to access the Subversion repository."
5789
3718
msgstr ""
5790
3719
5791
3720
#: serverguide/C/vcs.xml:298(title)
5793
3722
msgstr ""
5794
3723
5795
3724
#: serverguide/C/vcs.xml:299(para)
5796
msgid ""
5797
"Once the Subversion repository is created, you can configure the access "
5798
"control. You can edit the <filename> "
5799
"/path/to/repos/project/conf/svnserve.conf</filename> file to configure the "
5800
"access control. For example, to set up authentication, you can uncomment the "
5801
"following lines in the configuration file:"
3725
msgid "Once the Subversion repository is created, you can configure the access control. You can edit the <filename> /path/to/repos/project/conf/svnserve.conf</filename> file to configure the access control. For example, to set up authentication, you can uncomment the following lines in the configuration file:"
5802
3726
msgstr ""
5803
3727
5804
3728
#: serverguide/C/vcs.xml:306(programlisting)
5805
3729
#, no-wrap
5806
msgid ""
5807
"# [general]\n"
5808
"# password-db = passwd"
3730
msgid "# [general]\n# password-db = passwd"
5809
3731
msgstr ""
5810
3732
5811
3733
#: serverguide/C/vcs.xml:309(para)
5812
msgid ""
5813
"After uncommenting the above lines, you can maintain the user list in the "
5814
"passwd file. So, edit the file <filename>passwd </filename> in the same "
5815
"directory and add the new user. The syntax is as follows:"
3734
msgid "After uncommenting the above lines, you can maintain the user list in the passwd file. So, edit the file <filename>passwd </filename> in the same directory and add the new user. The syntax is as follows:"
5816
3735
msgstr ""
5817
3736
5818
3737
#: serverguide/C/vcs.xml:315(programlisting)
5825
3744
msgstr ""
5826
3745
5827
3746
#: serverguide/C/vcs.xml:320(para)
5828
msgid ""
5829
"Now, to access Subversion via the svn:// custom protocol, either from the "
5830
"same machine or a different machine, you can run svnserver using svnserve "
5831
"command. The syntax is as follows:"
3747
msgid "Now, to access Subversion via the svn:// custom protocol, either from the same machine or a different machine, you can run svnserver using svnserve command. The syntax is as follows:"
5832
3748
msgstr ""
5833
3749
5834
3750
#: serverguide/C/vcs.xml:325(programlisting)
5835
3751
#, no-wrap
5836
msgid ""
5837
"$ svnserve -d --foreground -r /path/to/repos\n"
5838
"# -d -- daemon mode\n"
5839
"# --foreground -- run in foreground (useful for debugging)\n"
5840
"# -r -- root of directory to serve\n"
5841
"\n"
5842
"For more usage details, please refer to:\n"
5843
"$ svnserve --help"
3752
msgid "$ svnserve -d --foreground -r /path/to/repos\n# -d -- daemon mode\n# --foreground -- run in foreground (useful for debugging)\n# -r -- root of directory to serve\n\nFor more usage details, please refer to:\n$ svnserve --help"
5844
3753
msgstr ""
5845
3754
5846
3755
#: serverguide/C/vcs.xml:333(para)
5847
msgid ""
5848
"Once you run this command, Subversion starts listening on default port "
5849
"(3690). To access the project repository, you must run the following command "
5850
"from a terminal prompt:"
3756
msgid "Once you run this command, Subversion starts listening on default port (3690). To access the project repository, you must run the following command from a terminal prompt:"
5851
3757
msgstr ""
5852
3758
5853
3759
#: serverguide/C/vcs.xml:336(command)
5855
3761
msgstr ""
5856
3762
5857
3763
#: serverguide/C/vcs.xml:339(para)
5858
msgid ""
5859
"Based on server configuration, it prompts for password. Once you are "
5860
"authenticated, it checks out the code from Subversion repository. To "
5861
"synchronize the project repository with the local copy, you can run the "
5862
"<command>update</command> sub-command. The syntax of the command, entered at "
5863
"a terminal prompt, is as follows:"
3764
msgid "Based on server configuration, it prompts for password. Once you are authenticated, it checks out the code from Subversion repository. To synchronize the project repository with the local copy, you can run the <command>update</command> sub-command. The syntax of the command, entered at a terminal prompt, is as follows:"
5864
3765
msgstr ""
5865
3766
5866
3767
#: serverguide/C/vcs.xml:347(command)
5868
3769
msgstr ""
5869
3770
5870
3771
#: serverguide/C/vcs.xml:350(para)
5871
msgid ""
5872
"For more details about using each Subversion sub-command, you can refer to "
5873
"the manual. For example, to learn more about the co (checkout) command, "
5874
"please run the following command from a terminal prompt:"
3772
msgid "For more details about using each Subversion sub-command, you can refer to the manual. For example, to learn more about the co (checkout) command, please run the following command from a terminal prompt:"
5875
3773
msgstr ""
5876
3774
5877
3775
#: serverguide/C/vcs.xml:354(command)
5883
3781
msgstr ""
5884
3782
5885
3783
#: serverguide/C/vcs.xml:359(para)
5886
msgid ""
5887
"The configuration and server process is same as in the svn:// method. For "
5888
"details, please refer to the above section. This step assumes you have "
5889
"followed the above step and started the Subversion server using "
5890
"<application>svnserve</application> command."
3784
msgid "The configuration and server process is same as in the svn:// method. For details, please refer to the above section. This step assumes you have followed the above step and started the Subversion server using <application>svnserve</application> command."
5891
3785
msgstr ""
5892
3786
5893
3787
#: serverguide/C/vcs.xml:365(para)
5894
msgid ""
5895
"It is also assumed that the ssh server is running on that machine and that "
5896
"it is allowing incoming connections. To confirm, please try to login to that "
5897
"machine using ssh. If you can login, everything is perfect. If you cannot "
5898
"login, please address it before continuing further."
3788
msgid "It is also assumed that the ssh server is running on that machine and that it is allowing incoming connections. To confirm, please try to login to that machine using ssh. If you can login, everything is perfect. If you cannot login, please address it before continuing further."
5899
3789
msgstr ""
5900
3790
5901
3791
#: serverguide/C/vcs.xml:371(para)
5902
msgid ""
5903
"The svn+ssh:// protocol is used to access the Subversion repository using "
5904
"SSL encryption. The data transfer is encrypted using this method. To access "
5905
"the project repository (for example with a checkout), you must use the "
5906
"following command syntax:"
3792
msgid "The svn+ssh:// protocol is used to access the Subversion repository using SSL encryption. The data transfer is encrypted using this method. To access the project repository (for example with a checkout), you must use the following command syntax:"
5907
3793
msgstr ""
5908
3794
5909
3795
#: serverguide/C/vcs.xml:378(command)
5911
3797
msgstr ""
5912
3798
5913
3799
#: serverguide/C/vcs.xml:382(para)
5914
msgid ""
5915
"You must use the full path (/path/to/repos/project) to access the Subversion "
5916
"repository using this access method."
3800
msgid "You must use the full path (/path/to/repos/project) to access the Subversion repository using this access method."
5917
3801
msgstr ""
5918
3802
5919
3803
#: serverguide/C/vcs.xml:385(para)
5920
msgid ""
5921
"Based on server configuration, it prompts for password. You must enter the "
5922
"password you use to login via ssh. Once you are authenticated, it checks out "
5923
"the code from the Subversion repository."
3804
msgid "Based on server configuration, it prompts for password. You must enter the password you use to login via ssh. Once you are authenticated, it checks out the code from the Subversion repository."
5924
3805
msgstr ""
5925
3806
5926
3807
#: serverguide/C/vcs.xml:396(title)
5928
3809
msgstr ""
5929
3810
5930
3811
#: serverguide/C/vcs.xml:397(para)
5931
msgid ""
5932
"CVS is a version control system. You can use it to record the history of "
5933
"source files."
3812
msgid "CVS is a version control system. You can use it to record the history of source files."
5934
3813
msgstr ""
5935
3814
5936
3815
#: serverguide/C/vcs.xml:403(para)
5937
msgid ""
5938
"To install <application>CVS</application>, run the following command from a "
5939
"terminal prompt: <screen>\n"
5940
"<command>sudo apt-get install cvs</command>\n"
5941
"</screen> After you install <application>cvs</application>, you should "
5942
"install <application>xinetd</application> to start/stop the cvs server. At "
5943
"the prompt, enter the following command to install "
5944
"<application>xinetd</application>: <screen>\n"
5945
"<command>sudo apt-get install xinetd</command>\n"
5946
"</screen>"
3816
msgid "To install <application>CVS</application>, run the following command from a terminal prompt: <screen>\n<command>sudo apt-get install cvs</command>\n</screen> After you install <application>cvs</application>, you should install <application>xinetd</application> to start/stop the cvs server. At the prompt, enter the following command to install <application>xinetd</application>: <screen>\n<command>sudo apt-get install xinetd</command>\n</screen>"
5947
3817
msgstr ""
5948
3818
5949
3819
#: serverguide/C/vcs.xml:436(programlisting)
5950
3820
#, no-wrap
5951
msgid ""
5952
"\n"
5953
"service cvspserver\n"
5954
"{\n"
5955
" port = 2401\n"
5956
" socket_type = stream\n"
5957
" protocol = tcp\n"
5958
" user = root\n"
5959
" wait = no\n"
5960
" type = UNLISTED\n"
5961
" server = /usr/bin/cvs\n"
5962
" server_args = -f --allow-root /var/lib/cvs pserver\n"
5963
" disable = no\n"
5964
"}\n"
3821
msgid "\nservice cvspserver\n{\n port = 2401\n socket_type = stream\n protocol = tcp\n user = root\n wait = no\n type = UNLISTED\n server = /usr/bin/cvs\n server_args = -f --allow-root /var/lib/cvs pserver\n disable = no\n}\n"
5965
3822
msgstr ""
5966
3823
5967
3824
#: serverguide/C/vcs.xml:452(para)
5968
msgid ""
5969
"Be sure to edit the repository if you have changed the default repository "
5970
"(<application>/var/lib/cvs</application>) directory."
3825
msgid "Be sure to edit the repository if you have changed the default repository (<application>/var/lib/cvs</application>) directory."
5971
3826
msgstr ""
5972
3827
5973
3828
#: serverguide/C/vcs.xml:421(para)
5974
msgid ""
5975
"Once you install cvs, the repository will be automatically initialized. By "
5976
"default, the repository resides under the "
5977
"<application>/var/lib/cvs</application> directory. You can change this path "
5978
"by running following command: <screen>\n"
5979
"<command>cvs -d /your/new/cvs/repo init</command>\n"
5980
"</screen> Once the initial repository is set up, you can configure "
5981
"<application>xinetd</application> to start the CVS server. You can copy the "
5982
"following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. "
5983
"<placeholder-1/><placeholder-2/> Once you have configured "
5984
"<application>xinetd</application> you can start the cvs server by running "
5985
"following command: <screen>\n"
5986
"<command>sudo /etc/init.d/xinetd restart</command>\n"
5987
"</screen>"
3829
msgid "Once you install cvs, the repository will be automatically initialized. By default, the repository resides under the <application>/var/lib/cvs</application> directory. You can change this path by running following command: <screen>\n<command>cvs -d /your/new/cvs/repo init</command>\n</screen> Once the initial repository is set up, you can configure <application>xinetd</application> to start the CVS server. You can copy the following lines to the <filename> /etc/xinetd.d/cvspserver</filename> file. <placeholder-1/><placeholder-2/> Once you have configured <application>xinetd</application> you can start the cvs server by running following command: <screen>\n<command>sudo /etc/init.d/xinetd restart</command>\n</screen>"
5988
3830
msgstr ""
5989
3831
5990
3832
#: serverguide/C/vcs.xml:465(para)
5991
msgid ""
5992
"You can confirm that the CVS server is running by issuing the following "
5993
"command:"
3833
msgid "You can confirm that the CVS server is running by issuing the following command:"
5994
3834
msgstr ""
5995
3835
5996
3836
#: serverguide/C/vcs.xml:472(command)
5998
3838
msgstr ""
5999
3839
6000
3840
#: serverguide/C/vcs.xml:476(para) serverguide/C/databases.xml:65(para)
6001
msgid ""
6002
"When you run this command, you should see the following line or something "
6003
"similar:"
3841
msgid "When you run this command, you should see the following line or something similar:"
6004
3842
msgstr ""
6005
3843
6006
3844
#: serverguide/C/vcs.xml:481(programlisting)
6007
3845
#, no-wrap
6008
msgid ""
6009
"\n"
6010
"tcp 0 0 *:cvspserver *:* LISTEN \n"
3846
msgid "\ntcp 0 0 *:cvspserver *:* LISTEN \n"
6011
3847
msgstr ""
6012
3848
6013
3849
#: serverguide/C/vcs.xml:485(para)
6014
msgid ""
6015
"From here you can continue to add users, add new projects, and manage the "
6016
"CVS server."
3850
msgid "From here you can continue to add users, add new projects, and manage the CVS server."
6017
3851
msgstr ""
6018
3852
6019
3853
#: serverguide/C/vcs.xml:490(para)
6020
msgid ""
6021
"CVS allows the user to add users independently of the underlying OS "
6022
"installation. Probably the easiest way is to use the Linux Users for CVS, "
6023
"although it has potential security issues. Please refer to the CVS manual "
6024
"for details."
3854
msgid "CVS allows the user to add users independently of the underlying OS installation. Probably the easiest way is to use the Linux Users for CVS, although it has potential security issues. Please refer to the CVS manual for details."
6025
3855
msgstr ""
6026
3856
6027
3857
#: serverguide/C/vcs.xml:500(title)
6029
3859
msgstr ""
6030
3860
6031
3861
#: serverguide/C/vcs.xml:512(para)
6032
msgid ""
6033
"You can use the CVSROOT environment variable to store the CVS root "
6034
"directory. Once you export the CVSROOT environment variable, you can avoid "
6035
"using -d option in the above cvs command."
3862
msgid "You can use the CVSROOT environment variable to store the CVS root directory. Once you export the CVSROOT environment variable, you can avoid using -d option in the above cvs command."
6036
3863
msgstr ""
6037
3864
6038
3865
#: serverguide/C/vcs.xml:524(para)
6039
msgid ""
6040
"When you add a new project, the CVS user you use must have write access to "
6041
"the CVS repository (<application>/var/lib/cvs</application>). By default, "
6042
"the <application>src</application> group has write access to the CVS "
6043
"repository. So, you can add the user to this group, and he can then add and "
6044
"manage projects in the CVS repository."
3866
msgid "When you add a new project, the CVS user you use must have write access to the CVS repository (<application>/var/lib/cvs</application>). By default, the <application>src</application> group has write access to the CVS repository. So, you can add the user to this group, and he can then add and manage projects in the CVS repository."
6045
3867
msgstr ""
6046
3868
6047
3869
#: serverguide/C/vcs.xml:501(para)
6048
msgid ""
6049
"This section explains how to add new project to the CVS repository. Create "
6050
"the directory and add necessary document and source files to the directory. "
6051
"Now, run the following command to add this project to CVS repository: "
6052
"<screen>\n"
6053
"<command>cd your/project</command>\n"
6054
"<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m "
6055
"\"Importing my project to CVS repository\" . new_project start</command>\n"
6056
"</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a "
6057
"vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no "
6058
"purpose in this context, but since CVS requires them, they must be present. "
6059
"<placeholder-2/>"
3870
msgid "This section explains how to add new project to the CVS repository. Create the directory and add necessary document and source files to the directory. Now, run the following command to add this project to CVS repository: <screen>\n<command>cd your/project</command>\n<command>cvs -d :pserver:username@hostname.com:/var/lib/cvs import -m \"Importing my project to CVS repository\" . new_project start</command>\n</screen><placeholder-1/> The string <emphasis>new_project</emphasis> is a vendor tag, and <emphasis>start</emphasis> is a release tag. They serve no purpose in this context, but since CVS requires them, they must be present. <placeholder-2/>"
6060
3871
msgstr ""
6061
3872
6062
3873
#: serverguide/C/vcs.xml:537(ulink)
6084
3895
msgstr ""
6085
3896
6086
3897
#: serverguide/C/serverguide.xml:4(para) serverguide/C/bookinfo.xml:4(para)
6087
msgid ""
6088
"This document is maintained by the Ubuntu documentation team "
6089
"(https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see "
6090
"the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
3898
msgid "This document is maintained by the Ubuntu documentation team (https://wiki.ubuntu.com/DocumentationTeam). For a list of contributors, see the <ulink url=\"../../libs/C/contributors.xml\">contributors page</ulink>"
6091
3899
msgstr ""
6092
3900
6093
3901
#: serverguide/C/serverguide.xml:5(para) serverguide/C/bookinfo.xml:5(para)
6094
msgid ""
6095
"This document is made available under the Creative Commons ShareAlike 2.5 "
6096
"License (CC-BY-SA)."
3902
msgid "This document is made available under the Creative Commons ShareAlike 2.5 License (CC-BY-SA)."
6097
3903
msgstr ""
6098
3904
6099
3905
#: serverguide/C/serverguide.xml:6(para) serverguide/C/bookinfo.xml:6(para)
6100
msgid ""
6101
"You are free to modify, extend, and improve the Ubuntu documentation source "
6102
"code under the terms of this license. All derivative works must be released "
6103
"under this license."
3906
msgid "You are free to modify, extend, and improve the Ubuntu documentation source code under the terms of this license. All derivative works must be released under this license."
6104
3907
msgstr ""
6105
3908
6106
3909
#: serverguide/C/serverguide.xml:8(para) serverguide/C/bookinfo.xml:8(para)
6107
msgid ""
6108
"This documentation is distributed in the hope that it will be useful, but "
6109
"WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY "
6110
"or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
3910
msgid "This documentation is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE AS DESCRIBED IN THE DISCLAIMER."
6111
3911
msgstr ""
6112
3912
6113
3913
#: serverguide/C/serverguide.xml:11(para) serverguide/C/bookinfo.xml:11(para)
6114
msgid ""
6115
"A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-"
6116
"docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
3914
msgid "A copy of the license is available here: <ulink url=\"/usr/share/ubuntu-docs/libs/C/ccbysa.xml\">Creative Commons ShareAlike License</ulink>."
6117
3915
msgstr ""
6118
3916
6119
3917
#: serverguide/C/serverguide.xml:14(year) serverguide/C/bookinfo.xml:14(year)
6133
3931
msgstr ""
6134
3932
6135
3933
#: serverguide/C/serverguide.xml:17(para)
6136
msgid ""
6137
"Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains "
6138
"information on how to install and configure various server applications on "
6139
"your Ubuntu system to fit your needs. It is a step-by-step, task-oriented "
6140
"guide for configuring and customizing your system."
3934
msgid "Welcome to the <emphasis>Ubuntu Server Guide</emphasis>! It contains information on how to install and configure various server applications on your Ubuntu system to fit your needs. It is a step-by-step, task-oriented guide for configuring and customizing your system."
6141
3935
msgstr ""
6142
3936
6143
3937
#: serverguide/C/security.xml:13(title)
6145
3939
msgstr ""
6146
3940
6147
3941
#: serverguide/C/security.xml:14(para)
6148
msgid ""
6149
"Security should always be considered when installing, deploying, and using "
6150
"any type of computer system. Although a fresh installation of Ubuntu is "
6151
"relatively safe for immediate use on the Internet, it is important to have a "
6152
"balanced understanding of your systems security posture based on how it will "
6153
"be used after deployment."
3942
msgid "Security should always be considered when installing, deploying, and using any type of computer system. Although a fresh installation of Ubuntu is relatively safe for immediate use on the Internet, it is important to have a balanced understanding of your systems security posture based on how it will be used after deployment."
6154
3943
msgstr ""
6155
3944
6156
3945
#: serverguide/C/security.xml:17(para)
6157
msgid ""
6158
"This chapter provides an overview of security related topics as they pertain "
6159
"to Ubuntu 9.10 Server Edition, and outlines simple measures you may use to "
6160
"protect your server and network from any number of potential security "
6161
"threats."
3946
msgid "This chapter provides an overview of security related topics as they pertain to Ubuntu 10.04 LTS Server Edition, and outlines simple measures you may use to protect your server and network from any number of potential security threats."
6162
3947
msgstr ""
6163
3948
6164
3949
#: serverguide/C/security.xml:21(title)
6166
3951
msgstr ""
6167
3952
6168
3953
#: serverguide/C/security.xml:22(para)
6169
msgid ""
6170
"User management is a critical part of maintaining a secure system. "
6171
"Ineffective user and privilege management often lead many systems into being "
6172
"compromised. Therefore, it is important that you understand how you can "
6173
"protect your server through simple and effective user account management "
6174
"techniques."
3954
msgid "User management is a critical part of maintaining a secure system. Ineffective user and privilege management often lead many systems into being compromised. Therefore, it is important that you understand how you can protect your server through simple and effective user account management techniques."
6175
3955
msgstr ""
6176
3956
6177
3957
#: serverguide/C/security.xml:26(title)
6179
3959
msgstr ""
6180
3960
6181
3961
#: serverguide/C/security.xml:27(para)
6182
msgid ""
6183
"Ubuntu developers made a conscientious decision to disable the "
6184
"administrative root account by default in all Ubuntu installations. This "
6185
"does not mean that the root account has been deleted or that it may not be "
6186
"accessed. It merely has been given a password which matches no possible "
6187
"encrypted value, therefore may not log in directly by itself."
3962
msgid "Ubuntu developers made a conscientious decision to disable the administrative root account by default in all Ubuntu installations. This does not mean that the root account has been deleted or that it may not be accessed. It merely has been given a password which matches no possible encrypted value, therefore may not log in directly by itself."
6188
3963
msgstr ""
6189
3964
6190
3965
#: serverguide/C/security.xml:30(para)
6191
msgid ""
6192
"Instead, users are encouraged to make use of a tool by the name of "
6193
"<application>sudo</application> to carry out system administrative duties. "
6194
"<application>Sudo</application> allows an authorized user to temporarily "
6195
"elevate their privileges using their own password instead of having to know "
6196
"the password belonging to the root account. This simple yet effective "
6197
"methodology provides accountability for all user actions, and gives the "
6198
"administrator granular control over which actions a user can perform with "
6199
"said privileges."
3966
msgid "Instead, users are encouraged to make use of a tool by the name of <application>sudo</application> to carry out system administrative duties. <application>Sudo</application> allows an authorized user to temporarily elevate their privileges using their own password instead of having to know the password belonging to the root account. This simple yet effective methodology provides accountability for all user actions, and gives the administrator granular control over which actions a user can perform with said privileges."
6200
3967
msgstr ""
6201
3968
6202
3969
#: serverguide/C/security.xml:35(para)
6203
msgid ""
6204
"If for some reason you wish to enable the root account, simply give it a "
6205
"password:"
3970
msgid "If for some reason you wish to enable the root account, simply give it a password:"
6206
3971
msgstr ""
6207
3972
6208
3973
#: serverguide/C/security.xml:39(command)
6210
3975
msgstr ""
6211
3976
6212
3977
#: serverguide/C/security.xml:41(para)
6213
msgid ""
6214
"Sudo will prompt you for your password, and then ask you to supply a new "
6215
"password for root as shown below:"
3978
msgid "Sudo will prompt you for your password, and then ask you to supply a new password for root as shown below:"
6216
3979
msgstr ""
6217
3980
6218
3981
#: serverguide/C/security.xml:44(userinput)
6232
3995
6233
3996
#: serverguide/C/security.xml:44(computeroutput)
6234
3997
#, no-wrap
6235
msgid ""
6236
"[sudo] password for username: <placeholder-1/>\n"
6237
"Enter new UNIX password: <placeholder-2/>\n"
6238
"Retype new UNIX password: <placeholder-3/>\n"
6239
"passwd: password updated successfully"
3998
msgid "[sudo] password for username: <placeholder-1/>\nEnter new UNIX password: <placeholder-2/>\nRetype new UNIX password: <placeholder-3/>\npasswd: password updated successfully"
6240
3999
msgstr ""
6241
4000
6242
4001
#: serverguide/C/security.xml:51(para)
6248
4007
msgstr ""
6249
4008
6250
4009
#: serverguide/C/security.xml:59(para)
6251
msgid ""
6252
"You should read more on <application>Sudo</application> by checking out it's "
6253
"man page:"
4010
msgid "You should read more on <application>Sudo</application> by checking out it's man page:"
6254
4011
msgstr ""
6255
4012
6256
4013
#: serverguide/C/security.xml:63(command)
6258
4015
msgstr ""
6259
4016
6260
4017
#: serverguide/C/security.xml:67(para)
6261
msgid ""
6262
"By default, the initial user created by the Ubuntu installer is a member of "
6263
"the group \"admin\" which is added to the file "
6264
"<filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to "
6265
"give any other account full root access through "
6266
"<application>sudo</application>, simply add them to the admin group."
4018
msgid "By default, the initial user created by the Ubuntu installer is a member of the group \"admin\" which is added to the file <filename>/etc/sudoers</filename> as an authorized sudo user. If you wish to give any other account full root access through <application>sudo</application>, simply add them to the admin group."
6267
4019
msgstr ""
6268
4020
6269
4021
#: serverguide/C/security.xml:73(title)
6271
4023
msgstr ""
6272
4024
6273
4025
#: serverguide/C/security.xml:74(para)
6274
msgid ""
6275
"The process for managing local users and groups is straight forward and "
6276
"differs very little from most other GNU/Linux operating systems. Ubuntu and "
6277
"other Debian based distributions, encourage the use of the \"adduser\" "
6278
"package for account management."
4026
msgid "The process for managing local users and groups is straight forward and differs very little from most other GNU/Linux operating systems. Ubuntu and other Debian based distributions, encourage the use of the \"adduser\" package for account management."
6279
4027
msgstr ""
6280
4028
6281
4029
#: serverguide/C/security.xml:79(para)
6282
msgid ""
6283
"To add a user account, use the following syntax, and follow the prompts to "
6284
"give the account a password and identifiable characteristics such as a full "
6285
"name, phone number, etc."
4030
msgid "To add a user account, use the following syntax, and follow the prompts to give the account a password and identifiable characteristics such as a full name, phone number, etc."
6286
4031
msgstr ""
6287
4032
6288
4033
#: serverguide/C/security.xml:83(command)
6290
4035
msgstr ""
6291
4036
6292
4037
#: serverguide/C/security.xml:87(para)
6293
msgid ""
6294
"To delete a user account and its primary group, use the following syntax:"
4038
msgid "To delete a user account and its primary group, use the following syntax:"
6295
4039
msgstr ""
6296
4040
6297
4041
#: serverguide/C/security.xml:91(command)
6299
4043
msgstr ""
6300
4044
6301
4045
#: serverguide/C/security.xml:93(para)
6302
msgid ""
6303
"Deleting an account does not remove their respective home folder. It is up "
6304
"to you whether or not you wish to delete the folder manually or keep it "
6305
"according to your desired retention policies."
4046
msgid "Deleting an account does not remove their respective home folder. It is up to you whether or not you wish to delete the folder manually or keep it according to your desired retention policies."
6306
4047
msgstr ""
6307
4048
6308
4049
#: serverguide/C/security.xml:96(para)
6309
msgid ""
6310
"Remember, any user added later on with the same UID/GID as the previous "
6311
"owner will now have access to this folder if you have not taken the "
6312
"necessary precautions."
4050
msgid "Remember, any user added later on with the same UID/GID as the previous owner will now have access to this folder if you have not taken the necessary precautions."
6313
4051
msgstr ""
6314
4052
6315
4053
#: serverguide/C/security.xml:99(para)
6316
msgid ""
6317
"You may want to change these UID/GID values to something more appropriate, "
6318
"such as the root account, and perhaps even relocate the folder to avoid "
6319
"future conflicts:"
4054
msgid "You may want to change these UID/GID values to something more appropriate, such as the root account, and perhaps even relocate the folder to avoid future conflicts:"
6320
4055
msgstr ""
6321
4056
6322
4057
#: serverguide/C/security.xml:103(command)
6332
4067
msgstr ""
6333
4068
6334
4069
#: serverguide/C/security.xml:109(para)
6335
msgid ""
6336
"To temporarily lock or unlock a user account, use the following syntax, "
6337
"respectively:"
4070
msgid "To temporarily lock or unlock a user account, use the following syntax, respectively:"
6338
4071
msgstr ""
6339
4072
6340
4073
#: serverguide/C/security.xml:113(command)
6346
4079
msgstr ""
6347
4080
6348
4081
#: serverguide/C/security.xml:118(para)
6349
msgid ""
6350
"To add or delete a personalized group, use the following syntax, "
6351
"respectively:"
4082
msgid "To add or delete a personalized group, use the following syntax, respectively:"
6352
4083
msgstr ""
6353
4084
6354
4085
#: serverguide/C/security.xml:122(command)
6372
4103
msgstr ""
6373
4104
6374
4105
#: serverguide/C/security.xml:139(para)
6375
msgid ""
6376
"When a new user is created, the adduser utility creates a brand new home "
6377
"directory named <filename class=\"directory\">/home/username</filename>, "
6378
"respectively. The default profile is modeled after the contents found in the "
6379
"directory of <filename class=\"directory\">/etc/skel</filename>, which "
6380
"includes all profile basics."
4106
msgid "When a new user is created, the adduser utility creates a brand new home directory named <filename class=\"directory\">/home/username</filename>, respectively. The default profile is modeled after the contents found in the directory of <filename class=\"directory\">/etc/skel</filename>, which includes all profile basics."
6381
4107
msgstr ""
6382
4108
6383
4109
#: serverguide/C/security.xml:142(para)
6384
msgid ""
6385
"If your server will be home to multiple users, you should pay close "
6386
"attention to the user home directory permissions to ensure confidentiality. "
6387
"By default, user home directories in Ubuntu are created with world "
6388
"read/execute permissions. This means that all users can browse and access "
6389
"the contents of other users home directories. This may not be suitable for "
6390
"your environment."
4110
msgid "If your server will be home to multiple users, you should pay close attention to the user home directory permissions to ensure confidentiality. By default, user home directories in Ubuntu are created with world read/execute permissions. This means that all users can browse and access the contents of other users home directories. This may not be suitable for your environment."
6391
4111
msgstr ""
6392
4112
6393
4113
#: serverguide/C/security.xml:147(para)
6394
msgid ""
6395
"To verify your current users home directory permissions, use the following "
6396
"syntax:"
4114
msgid "To verify your current users home directory permissions, use the following syntax:"
6397
4115
msgstr ""
6398
4116
6399
4117
#: serverguide/C/security.xml:151(command) serverguide/C/security.xml:183(command)
6401
4119
msgstr ""
6402
4120
6403
4121
#: serverguide/C/security.xml:153(para)
6404
msgid ""
6405
"The following output shows that the directory <filename "
6406
"class=\"directory\">/home/username</filename> has world readable permissions:"
4122
msgid "The following output shows that the directory <filename class=\"directory\">/home/username</filename> has world readable permissions:"
6407
4123
msgstr ""
6408
4124
6409
4125
#: serverguide/C/security.xml:156(computeroutput)
6412
4128
msgstr ""
6413
4129
6414
4130
#: serverguide/C/security.xml:160(para)
6415
msgid ""
6416
"You can remove the world readable permissions using the following syntax:"
4131
msgid "You can remove the world readable permissions using the following syntax:"
6417
4132
msgstr ""
6418
4133
6419
4134
#: serverguide/C/security.xml:164(command)
6421
4136
msgstr ""
6422
4137
6423
4138
#: serverguide/C/security.xml:167(para)
6424
msgid ""
6425
"Some people tend to use the recursive option (-R) indiscriminately which "
6426
"modifies all child folders and files, but this is not necessary, and may "
6427
"yield other undesirable results. The parent directory alone is sufficient "
6428
"for preventing unauthorized access to anything below the parent."
4139
msgid "Some people tend to use the recursive option (-R) indiscriminately which modifies all child folders and files, but this is not necessary, and may yield other undesirable results. The parent directory alone is sufficient for preventing unauthorized access to anything below the parent."
6429
4140
msgstr ""
6430
4141
6431
4142
#: serverguide/C/security.xml:171(para)
6432
msgid ""
6433
"A much more efficient approach to the matter would be to modify the "
6434
"<application>adduser</application> global default permissions when creating "
6435
"user home folders. Simply edit the file "
6436
"<filename>/etc/adduser.conf</filename> and modify the "
6437
"<varname>DIR_MODE</varname> variable to something appropriate, so that all "
6438
"new home directories will receive the correct permissions."
4143
msgid "A much more efficient approach to the matter would be to modify the <application>adduser</application> global default permissions when creating user home folders. Simply edit the file <filename>/etc/adduser.conf</filename> and modify the <varname>DIR_MODE</varname> variable to something appropriate, so that all new home directories will receive the correct permissions."
6439
4144
msgstr ""
6440
4145
6441
4146
#: serverguide/C/security.xml:174(programlisting)
6442
4147
#, no-wrap
6443
msgid ""
6444
"\n"
6445
"DIR_MODE=0750\n"
4148
msgid "\nDIR_MODE=0750\n"
6446
4149
msgstr ""
6447
4150
6448
4151
#: serverguide/C/security.xml:179(para)
6449
msgid ""
6450
"After correcting the directory permissions using any of the previously "
6451
"mentioned techniques, verify the results using the following syntax:"
4152
msgid "After correcting the directory permissions using any of the previously mentioned techniques, verify the results using the following syntax:"
6452
4153
msgstr ""
6453
4154
6454
4155
#: serverguide/C/security.xml:185(para)
6455
msgid ""
6456
"The results below show that world readable permissions have been removed:"
4156
msgid "The results below show that world readable permissions have been removed:"
6457
4157
msgstr ""
6458
4158
6459
4159
#: serverguide/C/security.xml:188(computeroutput)
6466
4166
msgstr ""
6467
4167
6468
4168
#: serverguide/C/security.xml:196(para)
6469
msgid ""
6470
"A strong password policy is one of the most important aspects of your "
6471
"security posture. Many successful security breaches involve simple brute "
6472
"force and dictionary attacks against weak passwords. If you intend to offer "
6473
"any form of remote access involving your local password system, make sure "
6474
"you adequately address minimum password complexity requirements, maximum "
6475
"password lifetimes, and frequent audits of your authentication systems."
4169
msgid "A strong password policy is one of the most important aspects of your security posture. Many successful security breaches involve simple brute force and dictionary attacks against weak passwords. If you intend to offer any form of remote access involving your local password system, make sure you adequately address minimum password complexity requirements, maximum password lifetimes, and frequent audits of your authentication systems."
6476
4170
msgstr ""
6477
4171
6478
4172
#: serverguide/C/security.xml:200(title)
6480
4174
msgstr ""
6481
4175
6482
4176
#: serverguide/C/security.xml:201(para)
6483
msgid ""
6484
"By default, Ubuntu requires a minimum password length of 4 characters, as "
6485
"well as some basic entropy checks. These values are controlled in the file "
6486
"<filename>/etc/pam.d/common-password</filename>, which is outlined below."
4177
msgid "By default, Ubuntu requires a minimum password length of 4 characters, as well as some basic entropy checks. These values are controlled in the file <filename>/etc/pam.d/common-password</filename>, which is outlined below."
6487
4178
msgstr ""
6488
4179
6489
4180
#: serverguide/C/security.xml:204(programlisting)
6490
4181
#, no-wrap
6491
msgid ""
6492
"\n"
6493
"password required pam_unix.so nullok obscure min=4 max=8 md5\n"
4182
msgid "\npassword required pam_unix.so nullok obscure min=4 max=8 md5\n"
6494
4183
msgstr ""
6495
4184
6496
4185
#: serverguide/C/security.xml:207(para)
6497
msgid ""
6498
"If you would like to adjust the minimum length to 6 characters, change the "
6499
"appropriate variable to min=6. The modification is outlined below."
4186
msgid "If you would like to adjust the minimum length to 6 characters, change the appropriate variable to min=6. The modification is outlined below."
6500
4187
msgstr ""
6501
4188
6502
4189
#: serverguide/C/security.xml:210(programlisting)
6503
4190
#, no-wrap
6504
msgid ""
6505
"\n"
6506
"password required pam_unix.so nullok obscure min=6 max=8 md5\n"
4191
msgid "\npassword required pam_unix.so nullok obscure min=6 max=8 md5\n"
6507
4192
msgstr ""
6508
4193
6509
4194
#: serverguide/C/security.xml:214(para)
6510
msgid ""
6511
"The <varname>max=8</varname> variable does not represent the maximum length "
6512
"of a password. It only means that complexity requirements will not be "
6513
"checked on passwords over 8 characters. You may want to look at the "
6514
"<application>libpam-cracklib</application> package for additional password "
6515
"entropy assistance."
4195
msgid "The <varname>max=8</varname> variable does not represent the maximum length of a password. It only means that complexity requirements will not be checked on passwords over 8 characters. You may want to look at the <application>libpam-cracklib</application> package for additional password entropy assistance."
6516
4196
msgstr ""
6517
4197
6518
4198
#: serverguide/C/security.xml:220(title)
6520
4200
msgstr ""
6521
4201
6522
4202
#: serverguide/C/security.xml:221(para)
6523
msgid ""
6524
"When creating user accounts, you should make it a policy to have a minimum "
6525
"and maximum password age forcing users to change their passwords when they "
6526
"expire."
4203
msgid "When creating user accounts, you should make it a policy to have a minimum and maximum password age forcing users to change their passwords when they expire."
6527
4204
msgstr ""
6528
4205
6529
4206
#: serverguide/C/security.xml:226(para)
6530
msgid ""
6531
"To easily view the current status of a user account, use the following "
6532
"syntax:"
4207
msgid "To easily view the current status of a user account, use the following syntax:"
6533
4208
msgstr ""
6534
4209
6535
4210
#: serverguide/C/security.xml:230(command) serverguide/C/security.xml:263(command)
6537
4212
msgstr ""
6538
4213
6539
4214
#: serverguide/C/security.xml:232(para)
6540
msgid ""
6541
"The output below shows interesting facts about the user account, namely that "
6542
"there are no policies applied:"
4215
msgid "The output below shows interesting facts about the user account, namely that there are no policies applied:"
6543
4216
msgstr ""
6544
4217
6545
4218
#: serverguide/C/security.xml:235(computeroutput)
6546
4219
#, no-wrap
6547
msgid ""
6548
"Last password change : Jan 20, 2008\n"
6549
"Password expires : never\n"
6550
"Password inactive : never\n"
6551
"Account expires : never\n"
6552
"Minimum number of days between password change : 0\n"
6553
"Maximum number of days between password change : 99999\n"
6554
"Number of days of warning before password expires : 7"
4220
msgid "Last password change : Jan 20, 2008\nPassword expires : never\nPassword inactive : never\nAccount expires : never\nMinimum number of days between password change : 0\nMaximum number of days between password change : 99999\nNumber of days of warning before password expires : 7"
6555
4221
msgstr ""
6556
4222
6557
4223
#: serverguide/C/security.xml:245(para)
6558
msgid ""
6559
"To set any of these values, simply use the following syntax, and follow the "
6560
"interactive prompts:"
4224
msgid "To set any of these values, simply use the following syntax, and follow the interactive prompts:"
6561
4225
msgstr ""
6562
4226
6563
4227
#: serverguide/C/security.xml:249(command)
6565
4229
msgstr ""
6566
4230
6567
4231
#: serverguide/C/security.xml:251(para)
6568
msgid ""
6569
"The following is also an example of how you can manually change the explicit "
6570
"expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, "
6571
"maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after "
6572
"password expiration, and a warning time period (-W) of 14 days before "
6573
"password expiration."
4232
msgid "The following is also an example of how you can manually change the explicit expiration date (-E) to 01/31/2008, minimum password age (-m) of 5 days, maximum password age (-M) of 90 days, inactivity period (-I) of 5 days after password expiration, and a warning time period (-W) of 14 days before password expiration."
6574
4233
msgstr ""
6575
4234
6576
4235
#: serverguide/C/security.xml:255(command)
6582
4241
msgstr ""
6583
4242
6584
4243
#: serverguide/C/security.xml:265(para)
6585
msgid ""
6586
"The output below shows the new policies that have been established for the "
6587
"account:"
4244
msgid "The output below shows the new policies that have been established for the account:"
6588
4245
msgstr ""
6589
4246
6590
4247
#: serverguide/C/security.xml:268(computeroutput)
6591
4248
#, no-wrap
6592
msgid ""
6593
"Last password change : Jan 20, 2008\n"
6594
"Password expires : Apr 19, 2008\n"
6595
"Password inactive : May 19, 2008\n"
6596
"Account expires : Jan 31, 2008\n"
6597
"Minimum number of days between password change : 5\n"
6598
"Maximum number of days between password change : 90\n"
6599
"Number of days of warning before password expires : 14"
4249
msgid "Last password change : Jan 20, 2008\nPassword expires : Apr 19, 2008\nPassword inactive : May 19, 2008\nAccount expires : Jan 31, 2008\nMinimum number of days between password change : 5\nMaximum number of days between password change : 90\nNumber of days of warning before password expires : 14"
6600
4250
msgstr ""
6601
4251
6602
4252
#: serverguide/C/security.xml:284(title)
6604
4254
msgstr ""
6605
4255
6606
4256
#: serverguide/C/security.xml:285(para)
6607
msgid ""
6608
"Many applications use alternate authentication mechanisms that can be easily "
6609
"overlooked by even experienced system administrators. Therefore, it is "
6610
"important to understand and control how users authenticate and gain access "
6611
"to services and applications on your server."
4257
msgid "Many applications use alternate authentication mechanisms that can be easily overlooked by even experienced system administrators. Therefore, it is important to understand and control how users authenticate and gain access to services and applications on your server."
6612
4258
msgstr ""
6613
4259
6614
4260
#: serverguide/C/security.xml:290(title)
6616
4262
msgstr ""
6617
4263
6618
4264
#: serverguide/C/security.xml:291(para)
6619
msgid ""
6620
"Simply disabling/locking a user account will not prevent a user from logging "
6621
"into your server remotely if they have previously set up RSA public key "
6622
"authentication. They will still be able to gain shell access to the server, "
6623
"without the need for any password. Remember to check the users home "
6624
"directory for files that will allow for this type of authenticated SSH "
6625
"access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
4265
msgid "Simply disabling/locking a user account will not prevent a user from logging into your server remotely if they have previously set up RSA public key authentication. They will still be able to gain shell access to the server, without the need for any password. Remember to check the users home directory for files that will allow for this type of authenticated SSH access. e.g. <filename>/home/username/.ssh/authorized_keys</filename>."
6626
4266
msgstr ""
6627
4267
6628
4268
#: serverguide/C/security.xml:294(para)
6629
msgid ""
6630
"Remove or rename the directory <filename "
6631
"class=\"directory\">.ssh/</filename> in the user's home folder to prevent "
6632
"further SSH authentication capabilities."
4269
msgid "Remove or rename the directory <filename class=\"directory\">.ssh/</filename> in the user's home folder to prevent further SSH authentication capabilities."
6633
4270
msgstr ""
6634
4271
6635
4272
#: serverguide/C/security.xml:297(para)
6636
msgid ""
6637
"Be sure to check for any established SSH connections by the disabled user, "
6638
"as it is possible they may have existing inbound or outbound connections. "
6639
"Kill any that are found."
4273
msgid "Be sure to check for any established SSH connections by the disabled user, as it is possible they may have existing inbound or outbound connections. Kill any that are found."
6640
4274
msgstr ""
6641
4275
6642
4276
#: serverguide/C/security.xml:300(para)
6643
msgid ""
6644
"Restrict SSH access to only user accounts that should have it. For example, "
6645
"you may create a group called \"sshlogin\" and add the group name as the "
6646
"value associated with the <varname>AllowGroups</varname> variable located in "
6647
"the file <filename>/etc/ssh/sshd_config</filename>."
4277
msgid "Restrict SSH access to only user accounts that should have it. For example, you may create a group called \"sshlogin\" and add the group name as the value associated with the <varname>AllowGroups</varname> variable located in the file <filename>/etc/ssh/sshd_config</filename>."
6648
4278
msgstr ""
6649
4279
6650
4280
#: serverguide/C/security.xml:303(programlisting)
6651
4281
#, no-wrap
6652
msgid ""
6653
"\n"
6654
"AllowGroups sshlogin\n"
4282
msgid "\nAllowGroups sshlogin\n"
6655
4283
msgstr ""
6656
4284
6657
4285
#: serverguide/C/security.xml:306(para)
6658
msgid ""
6659
"Then add your permitted SSH users to the group \"sshlogin\", and restart the "
6660
"SSH service."
4286
msgid "Then add your permitted SSH users to the group \"sshlogin\", and restart the SSH service."
6661
4287
msgstr ""
6662
4288
6663
4289
#: serverguide/C/security.xml:310(command)
6673
4299
msgstr ""
6674
4300
6675
4301
#: serverguide/C/security.xml:316(para)
6676
msgid ""
6677
"Most enterprise networks require centralized authentication and access "
6678
"controls for all system resources. If you have configured your server to "
6679
"authenticate users against external databases, be sure to disable the user "
6680
"accounts both externally and locally, this way you ensure that local "
6681
"fallback authentication is not possible."
4302
msgid "Most enterprise networks require centralized authentication and access controls for all system resources. If you have configured your server to authenticate users against external databases, be sure to disable the user accounts both externally and locally, this way you ensure that local fallback authentication is not possible."
6682
4303
msgstr ""
6683
4304
6684
4305
#: serverguide/C/security.xml:325(title)
6686
4307
msgstr ""
6687
4308
6688
4309
#: serverguide/C/security.xml:326(para)
6689
msgid ""
6690
"As with any other security barrier you put in place to protect your server, "
6691
"it is pretty tough to defend against untold damage caused by someone with "
6692
"physical access to your environment, for example, theft of hard drives, "
6693
"power or service disruption and so on. Therefore, console security should be "
6694
"addressed merely as one component of your overall physical security "
6695
"strategy. A locked \"screen door\" may deter a casual criminal, or at the "
6696
"very least slow down a determined one, so it is still advisable to perform "
6697
"basic precautions with regard to console security."
4310
msgid "As with any other security barrier you put in place to protect your server, it is pretty tough to defend against untold damage caused by someone with physical access to your environment, for example, theft of hard drives, power or service disruption and so on. Therefore, console security should be addressed merely as one component of your overall physical security strategy. A locked \"screen door\" may deter a casual criminal, or at the very least slow down a determined one, so it is still advisable to perform basic precautions with regard to console security."
6698
4311
msgstr ""
6699
4312
6700
4313
#: serverguide/C/security.xml:329(para)
6701
msgid ""
6702
"The following instructions will help defend your server against issues that "
6703
"could otherwise yield very serious consequences."
4314
msgid "The following instructions will help defend your server against issues that could otherwise yield very serious consequences."
6704
4315
msgstr ""
6705
4316
6706
4317
#: serverguide/C/security.xml:334(title)
6708
4319
msgstr ""
6709
4320
6710
4321
#: serverguide/C/security.xml:335(para)
6711
msgid ""
6712
"First and foremost, anyone that has physical access to the keyboard can "
6713
"simply use the "
6714
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6715
"eycombo> key combination to reboot the server without having to log on. "
6716
"Sure, someone could simply unplug the power source, but you should still "
6717
"prevent the use of this key combination on a production server. This forces "
6718
"an attacker to take more drastic measures to reboot the server, and will "
6719
"prevent accidental reboots at the same time."
4322
msgid "First and foremost, anyone that has physical access to the keyboard can simply use the <keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></keycombo> key combination to reboot the server without having to log on. Sure, someone could simply unplug the power source, but you should still prevent the use of this key combination on a production server. This forces an attacker to take more drastic measures to reboot the server, and will prevent accidental reboots at the same time."
6720
4323
msgstr ""
6721
4324
6722
4325
#: serverguide/C/security.xml:340(para)
6723
msgid ""
6724
"To disable the reboot action taken by pressing the "
6725
"<keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></k"
6726
"eycombo> key combination, comment out the following line in the file "
6727
"<filename>/etc/event.d/control-alt-delete</filename>."
4326
msgid "To disable the reboot action taken by pressing the <keycombo><keycap>Ctrl</keycap><keycap>Alt</keycap><keycap>Delete</keycap></keycombo> key combination, comment out the following line in the file <filename>/etc/init/control-alt-delete.conf</filename>."
6728
4327
msgstr ""
6729
4328
6730
4329
#: serverguide/C/security.xml:343(programlisting)
6731
4330
#, no-wrap
6732
msgid ""
6733
"\n"
6734
"#exec /sbin/shutdown -r now \"Control-Alt-Delete pressed\"\n"
4331
msgid "\n#exec shutdown -r now \"Control-Alt-Delete pressed\"\n"
6735
4332
msgstr ""
6736
4333
6737
4334
#: serverguide/C/security.xml:350(title)
6739
4336
msgstr ""
6740
4337
6741
4338
#: serverguide/C/security.xml:351(para)
6742
msgid ""
6743
"Ubuntu installs GNU GRUB as its default boot loader, which allows for great "
6744
"flexibility and recovery options. For example, when you install additional "
6745
"kernel images, these are automatically added as available boot options in "
6746
"the <application>grub</application> menu. Also, by default, alternate boot "
6747
"options are available for each kernel entry that may be used for system "
6748
"recovery, aptly labeled (recovery mode). Recovery mode simply boots the "
6749
"corresponding kernel image into single user mode (init 1), which lands the "
6750
"administrator at a root prompt without the need for any password."
4339
msgid "Ubuntu installs GNU GRUB as its default boot loader, which allows for great flexibility and recovery options. For example, when you install additional kernel images, these are automatically added as available boot options in the <application>grub</application> menu. Also, by default, alternate boot options are available for each kernel entry that may be used for system recovery, aptly labeled (recovery mode). Recovery mode simply boots the corresponding kernel image into single user mode (init 1), which lands the administrator at a root prompt without the need for any password."
6751
4340
msgstr ""
6752
4341
6753
4342
#: serverguide/C/security.xml:354(para)
6754
msgid ""
6755
"Therefore, it is important to control who may edit the "
6756
"<application>grub</application> menu items which, would otherwise allow for "
6757
"someone to perform the following dangerous actions:"
4343
msgid "Therefore, it is important to control who may edit the <application>grub</application> menu items which, would otherwise allow for someone to perform the following dangerous actions:"
6758
4344
msgstr ""
6759
4345
6760
4346
#: serverguide/C/security.xml:359(para)
6766
4352
msgstr ""
6767
4353
6768
4354
#: serverguide/C/security.xml:369(para)
6769
msgid ""
6770
"You can prevent these actions by adding a password to GRUB's configuration "
6771
"file of <filename>/boot/grub/menu.lst</filename>, which will be required to "
6772
"unlock GRUB's more advanced features prior to use."
4355
msgid "You can prevent these actions by adding a password to GRUB's configuration file of <filename>/boot/grub/menu.lst</filename>, which will be required to unlock GRUB's more advanced features prior to use."
6773
4356
msgstr ""
6774
4357
6775
4358
#: serverguide/C/security.xml:374(para)
6776
msgid ""
6777
"To add a password for use with <application>grub</application>, first you "
6778
"must generate an md5 password hash using the <application>grub-md5-"
6779
"crypt</application> utility:"
4359
msgid "To add a password for use with <application>grub</application>, first you must generate an md5 password hash using the <application>grub-md5-crypt</application> utility:"
6780
4360
msgstr ""
6781
4361
6782
4362
#: serverguide/C/security.xml:378(command)
6784
4364
msgstr ""
6785
4365
6786
4366
#: serverguide/C/security.xml:380(para)
6787
msgid ""
6788
"The command will ask you to enter a password and offer a resulting hash "
6789
"value as shown below:"
4367
msgid "The command will ask you to enter a password and offer a resulting hash value as shown below:"
6790
4368
msgstr ""
6791
4369
6792
4370
#: serverguide/C/security.xml:383(userinput)
6801
4379
6802
4380
#: serverguide/C/security.xml:383(computeroutput)
6803
4381
#, no-wrap
6804
msgid ""
6805
"Password: <placeholder-1/>\n"
6806
"Retype password: <placeholder-2/>\n"
6807
"$1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0"
4382
msgid "Password: <placeholder-1/>\nRetype password: <placeholder-2/>\n$1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0"
6808
4383
msgstr ""
6809
4384
6810
4385
#: serverguide/C/security.xml:389(para)
6811
msgid ""
6812
"Add the resulting hash value to the file "
6813
"<filename>/boot/grub/menu.lst</filename> in the following format:"
4386
msgid "Add the resulting hash value to the file <filename>/boot/grub/menu.lst</filename> in the following format:"
6814
4387
msgstr ""
6815
4388
6816
4389
#: serverguide/C/security.xml:392(programlisting)
6819
4392
msgstr ""
6820
4393
6821
4394
#: serverguide/C/security.xml:395(para)
6822
msgid ""
6823
"To require use of the password for entering single user mode, change the "
6824
"value of the <varname>lockalternative</varname> variable in the file "
6825
"<filename>/boot/grub/menu.lst</filename> to <varname>true</varname>, as "
6826
"shown in the following example."
4395
msgid "To require use of the password for entering single user mode, change the value of the <varname>lockalternative</varname> variable in the file <filename>/boot/grub/menu.lst</filename> to <varname>true</varname>, as shown in the following example."
6827
4396
msgstr ""
6828
4397
6829
4398
#: serverguide/C/security.xml:398(programlisting)
6832
4401
msgstr ""
6833
4402
6834
4403
#: serverguide/C/security.xml:402(para)
6835
msgid ""
6836
"This does not prevent someone from booting the server from alternate media. "
6837
"A determined attacker would simply boot into an alternate environment, "
6838
"overwrite your master boot record, mount or copy your physical volumes, "
6839
"destroy your data, or anything else they can imagine. Please explore other "
6840
"countermeasures that may help you with these types of attacks."
4404
msgid "This does not prevent someone from booting the server from alternate media. A determined attacker would simply boot into an alternate environment, overwrite your master boot record, mount or copy your physical volumes, destroy your data, or anything else they can imagine. Please explore other countermeasures that may help you with these types of attacks."
6841
4405
msgstr ""
6842
4406
6843
4407
#: serverguide/C/security.xml:410(title)
6845
4409
msgstr ""
6846
4410
6847
4411
#: serverguide/C/security.xml:413(para)
6848
msgid ""
6849
"The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, "
6850
"which is used to manipulate or decide the fate of network traffic headed "
6851
"into or through your server. All modern Linux firewall solutions use this "
6852
"system for packet filtering."
4412
msgid "The Linux kernel includes the <emphasis>Netfilter</emphasis> subsystem, which is used to manipulate or decide the fate of network traffic headed into or through your server. All modern Linux firewall solutions use this system for packet filtering."
6853
4413
msgstr ""
6854
4414
6855
4415
#: serverguide/C/security.xml:418(para)
6856
msgid ""
6857
"The kernel's packet filtering system would be of little use to "
6858
"administrators without a userspace interface to manage it. This is the "
6859
"purpose of iptables. When a packet reaches your server, it will be handed "
6860
"off to the Netfilter subsystem for acceptance, manipulation, or rejection "
6861
"based on the rules supplied to it from userspace via iptables. Thus, "
6862
"iptables is all you need to manage your firewall if you're familiar with it, "
6863
"but many frontends are available to simplify the task."
4416
msgid "The kernel's packet filtering system would be of little use to administrators without a userspace interface to manage it. This is the purpose of iptables. When a packet reaches your server, it will be handed off to the Netfilter subsystem for acceptance, manipulation, or rejection based on the rules supplied to it from userspace via iptables. Thus, iptables is all you need to manage your firewall if you're familiar with it, but many frontends are available to simplify the task."
6864
4417
msgstr ""
6865
4418
6866
4419
#: serverguide/C/security.xml:428(title)
6868
4421
msgstr ""
6869
4422
6870
4423
#: serverguide/C/security.xml:429(para)
6871
msgid ""
6872
"The default firewall configuration tool for Ubuntu is "
6873
"<application>ufw</application>. Developed to ease iptables firewall "
6874
"configuration, <application>ufw</application> provides a user friendly way "
6875
"to create an IPv4 or IPv6 host-based firewall."
4424
msgid "The default firewall configuration tool for Ubuntu is <application>ufw</application>. Developed to ease iptables firewall configuration, <application>ufw</application> provides a user friendly way to create an IPv4 or IPv6 host-based firewall."
6876
4425
msgstr ""
6877
4426
6878
4427
#: serverguide/C/security.xml:433(para)
6879
msgid ""
6880
"<application>ufw</application> by default is initially disabled. From the "
6881
"<application>ufw</application> man page:"
4428
msgid "<application>ufw</application> by default is initially disabled. From the <application>ufw</application> man page:"
6882
4429
msgstr ""
6883
4430
6884
4431
#: serverguide/C/security.xml:437(quote)
6885
msgid ""
6886
"ufw is not intended to provide complete firewall functionality via its "
6887
"command interface, but instead provides an easy way to add or remove simple "
6888
"rules. It is currently mainly used for host-based firewalls."
4432
msgid "ufw is not intended to provide complete firewall functionality via its command interface, but instead provides an easy way to add or remove simple rules. It is currently mainly used for host-based firewalls."
6889
4433
msgstr ""
6890
4434
6891
4435
#: serverguide/C/security.xml:441(para)
6892
msgid ""
6893
"The following are some examples of how to use <application>ufw</application>:"
4436
msgid "The following are some examples of how to use <application>ufw</application>:"
6894
4437
msgstr ""
6895
4438
6896
4439
#: serverguide/C/security.xml:446(para)
6897
msgid ""
6898
"First, <application>ufw</application> needs to be enabled. From a terminal "
6899
"prompt enter:"
4440
msgid "First, <application>ufw</application> needs to be enabled. From a terminal prompt enter:"
6900
4441
msgstr ""
6901
4442
6902
4443
#: serverguide/C/security.xml:450(command)
6936
4477
msgstr ""
6937
4478
6938
4479
#: serverguide/C/security.xml:486(para)
6939
msgid ""
6940
"It is also possible to allow access from specific hosts or networks to a "
6941
"port. The following example allows ssh access from host 192.168.0.2 to any "
6942
"ip address on this host:"
4480
msgid "It is also possible to allow access from specific hosts or networks to a port. The following example allows ssh access from host 192.168.0.2 to any ip address on this host:"
6943
4481
msgstr ""
6944
4482
6945
4483
#: serverguide/C/security.xml:491(command)
6947
4485
msgstr ""
6948
4486
6949
4487
#: serverguide/C/security.xml:493(para)
6950
msgid ""
6951
"Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire "
6952
"subnet."
4488
msgid "Replace 192.168.0.2 with 192.168.0.0/24 to allow ssh access from the entire subnet."
6953
4489
msgstr ""
6954
4490
6955
4491
#: serverguide/C/security.xml:499(para)
6956
msgid ""
6957
"Adding the <emphasis>--dry-run</emphasis> option to a "
6958
"<emphasis>ufw</emphasis> command will output the resulting rules, but not "
6959
"apply them. For example, the following is what would be applied if opening "
6960
"the HTTP port:"
4492
msgid "Adding the <emphasis>--dry-run</emphasis> option to a <emphasis>ufw</emphasis> command will output the resulting rules, but not apply them. For example, the following is what would be applied if opening the HTTP port:"
6961
4493
msgstr ""
6962
4494
6963
4495
#: serverguide/C/security.xml:505(command)
6966
4498
6967
4499
#: serverguide/C/security.xml:509(computeroutput)
6968
4500
#, no-wrap
6969
msgid ""
6970
"*filter\n"
6971
":ufw-user-input - [0:0]\n"
6972
":ufw-user-output - [0:0]\n"
6973
":ufw-user-forward - [0:0]\n"
6974
":ufw-user-limit - [0:0]\n"
6975
":ufw-user-limit-accept - [0:0]\n"
6976
"### RULES ###\n"
6977
"\n"
6978
"### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n"
6979
"-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n"
6980
"\n"
6981
"### END RULES ###\n"
6982
"-A ufw-user-input -j RETURN\n"
6983
"-A ufw-user-output -j RETURN\n"
6984
"-A ufw-user-forward -j RETURN\n"
6985
"-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW "
6986
"LIMIT]: \"\n"
6987
"-A ufw-user-limit -j REJECT\n"
6988
"-A ufw-user-limit-accept -j ACCEPT\n"
6989
"COMMIT\n"
6990
"Rules updated"
4501
msgid "*filter\n:ufw-user-input - [0:0]\n:ufw-user-output - [0:0]\n:ufw-user-forward - [0:0]\n:ufw-user-limit - [0:0]\n:ufw-user-limit-accept - [0:0]\n### RULES ###\n\n### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0\n-A ufw-user-input -p tcp --dport 80 -j ACCEPT\n\n### END RULES ###\n-A ufw-user-input -j RETURN\n-A ufw-user-output -j RETURN\n-A ufw-user-forward -j RETURN\n-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix \"[UFW LIMIT]: \"\n-A ufw-user-limit -j REJECT\n-A ufw-user-limit-accept -j ACCEPT\nCOMMIT\nRules updated"
6991
4502
msgstr ""
6992
4503
6993
4504
#: serverguide/C/security.xml:533(para)
7023
4534
msgstr ""
7024
4535
7025
4536
#: serverguide/C/security.xml:566(para)
7026
msgid ""
7027
"If the port you want to open or close is defined in "
7028
"<filename>/etc/services</filename>, you can use the port name instead of the "
7029
"number. In the above examples, replace <emphasis>22</emphasis> with "
7030
"<emphasis>ssh</emphasis>."
4537
msgid "If the port you want to open or close is defined in <filename>/etc/services</filename>, you can use the port name instead of the number. In the above examples, replace <emphasis>22</emphasis> with <emphasis>ssh</emphasis>."
7031
4538
msgstr ""
7032
4539
7033
4540
#: serverguide/C/security.xml:572(para)
7034
msgid ""
7035
"This is a quick introduction to using <application>ufw</application>. Please "
7036
"refer to the <application>ufw</application> man page for more information."
4541
msgid "This is a quick introduction to using <application>ufw</application>. Please refer to the <application>ufw</application> man page for more information."
7037
4542
msgstr ""
7038
4543
7039
4544
#: serverguide/C/security.xml:578(title)
7041
4546
msgstr ""
7042
4547
7043
4548
#: serverguide/C/security.xml:580(para)
7044
msgid ""
7045
"Applications that open ports can include an <application>ufw</application> "
7046
"profile, which details the ports needed for the application to function "
7047
"properly. The profiles are kept in <filename "
7048
"role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if "
7049
"the default ports have been changed."
4549
msgid "Applications that open ports can include an <application>ufw</application> profile, which details the ports needed for the application to function properly. The profiles are kept in <filename role=\"directory\">/etc/ufw/applications.d</filename>, and can be edited if the default ports have been changed."
7050
4550
msgstr ""
7051
4551
7052
4552
#: serverguide/C/security.xml:589(para)
7053
msgid ""
7054
"To view which applications have installed a profile, enter the following in "
7055
"a terminal:"
4553
msgid "To view which applications have installed a profile, enter the following in a terminal:"
7056
4554
msgstr ""
7057
4555
7058
4556
#: serverguide/C/security.xml:594(command)
7060
4558
msgstr ""
7061
4559
7062
4560
#: serverguide/C/security.xml:600(para)
7063
msgid ""
7064
"Similar to allowing traffic to a port, using an application profile is "
7065
"accomplished by entering:"
4561
msgid "Similar to allowing traffic to a port, using an application profile is accomplished by entering:"
7066
4562
msgstr ""
7067
4563
7068
4564
#: serverguide/C/security.xml:605(command)
7078
4574
msgstr ""
7079
4575
7080
4576
#: serverguide/C/security.xml:619(para)
7081
msgid ""
7082
"Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> "
7083
"with the application profile you are using and the IP range for your network."
4577
msgid "Replace <emphasis>Samba</emphasis> and <emphasis>192.168.0.0/24</emphasis> with the application profile you are using and the IP range for your network."
7084
4578
msgstr ""
7085
4579
7086
4580
#: serverguide/C/security.xml:625(para)
7087
msgid ""
7088
"There is no need to specify the <emphasis>protocol</emphasis> for the "
7089
"application, because that information is detailed in the profile. Also, note "
7090
"that the <emphasis>app</emphasis> name replaces the "
7091
"<emphasis>port</emphasis> number."
4581
msgid "There is no need to specify the <emphasis>protocol</emphasis> for the application, because that information is detailed in the profile. Also, note that the <emphasis>app</emphasis> name replaces the <emphasis>port</emphasis> number."
7092
4582
msgstr ""
7093
4583
7094
4584
#: serverguide/C/security.xml:634(para)
7095
msgid ""
7096
"To view details about which ports, protocols, etc are defined for an "
7097
"application, enter:"
4585
msgid "To view details about which ports, protocols, etc are defined for an application, enter:"
7098
4586
msgstr ""
7099
4587
7100
4588
#: serverguide/C/security.xml:639(command)
7102
4590
msgstr ""
7103
4591
7104
4592
#: serverguide/C/security.xml:645(para)
7105
msgid ""
7106
"Not all applications that require opening a network port come with "
7107
"<application>ufw</application> profiles, but if you have profiled an "
7108
"application and want the file to be included with the package, please file a "
7109
"bug against the package in <ulink "
7110
"url=\"https://launchpad.net/\">Launchpad</ulink>."
4593
msgid "Not all applications that require opening a network port come with <application>ufw</application> profiles, but if you have profiled an application and want the file to be included with the package, please file a bug against the package in <ulink url=\"https://launchpad.net/\">Launchpad</ulink>."
7111
4594
msgstr ""
7112
4595
7113
4596
#: serverguide/C/security.xml:654(title)
7115
4598
msgstr ""
7116
4599
7117
4600
#: serverguide/C/security.xml:655(para)
7118
msgid ""
7119
"The purpose of IP Masquerading is to allow machines with private, non-"
7120
"routable IP addresses on your network to access the Internet through the "
7121
"machine doing the masquerading. Traffic from your private network destined "
7122
"for the Internet must be manipulated for replies to be routable back to the "
7123
"machine that made the request. To do this, the kernel must modify the "
7124
"<emphasis>source</emphasis> IP address of each packet so that replies will "
7125
"be routed back to it, rather than to the private IP address that made the "
7126
"request, which is impossible over the Internet. Linux uses "
7127
"<emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which "
7128
"connections belong to which machines and reroute each return packet "
7129
"accordingly. Traffic leaving your private network is thus \"masqueraded\" as "
7130
"having originated from your Ubuntu gateway machine. This process is referred "
7131
"to in Microsoft documentation as Internet Connection Sharing."
4601
msgid "The purpose of IP Masquerading is to allow machines with private, non-routable IP addresses on your network to access the Internet through the machine doing the masquerading. Traffic from your private network destined for the Internet must be manipulated for replies to be routable back to the machine that made the request. To do this, the kernel must modify the <emphasis>source</emphasis> IP address of each packet so that replies will be routed back to it, rather than to the private IP address that made the request, which is impossible over the Internet. Linux uses <emphasis>Connection Tracking</emphasis> (conntrack) to keep track of which connections belong to which machines and reroute each return packet accordingly. Traffic leaving your private network is thus \"masqueraded\" as having originated from your Ubuntu gateway machine. This process is referred to in Microsoft documentation as Internet Connection Sharing."
7132
4602
msgstr ""
7133
4603
7134
4604
#: serverguide/C/security.xml:671(title)
7136
4606
msgstr ""
7137
4607
7138
4608
#: serverguide/C/security.xml:672(para)
7139
msgid ""
7140
"IP Masquerading can be achieved using custom <application>ufw</application> "
7141
"rules. This is possible because the current back-end for "
7142
"<application>ufw</application> is <application>iptables-"
7143
"restore</application> with the rules files located in "
7144
"<filename>/etc/ufw/*.rules</filename>. These files are a great place to add "
7145
"legacy iptables rules used without <application>ufw</application>, and rules "
7146
"that are more network gateway or bridge related."
4609
msgid "IP Masquerading can be achieved using custom <application>ufw</application> rules. This is possible because the current back-end for <application>ufw</application> is <application>iptables-restore</application> with the rules files located in <filename>/etc/ufw/*.rules</filename>. These files are a great place to add legacy iptables rules used without <application>ufw</application>, and rules that are more network gateway or bridge related."
7147
4610
msgstr ""
7148
4611
7149
4612
#: serverguide/C/security.xml:678(para)
7150
msgid ""
7151
"The rules are split into two different files, rules that should be executed "
7152
"before <application>ufw</application> command line rules, and rules that are "
7153
"executed after <application>ufw</application> command line rules."
4613
msgid "The rules are split into two different files, rules that should be executed before <application>ufw</application> command line rules, and rules that are executed after <application>ufw</application> command line rules."
7154
4614
msgstr ""
7155
4615
7156
4616
#: serverguide/C/security.xml:684(para)
7157
msgid ""
7158
"First, packet forwarding needs to be enabled in "
7159
"<application>ufw</application>. Two configuration files will need to be "
7160
"adjusted, in <filename>/etc/default/ufw</filename> change the "
7161
"<emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
4617
msgid "First, packet forwarding needs to be enabled in <application>ufw</application>. Two configuration files will need to be adjusted, in <filename>/etc/default/ufw</filename> change the <emphasis>DEFAULT_FORWARD_POLICY</emphasis> to <quote>ACCEPT</quote>:"
7162
4618
msgstr ""
7163
4619
7164
4620
#: serverguide/C/security.xml:688(programlisting)
7165
4621
#, no-wrap
7166
msgid ""
7167
"\n"
7168
"DEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
4622
msgid "\nDEFAULT_FORWARD_POLICY=\"ACCEPT\"\n"
7169
4623
msgstr ""
7170
4624
7171
4625
#: serverguide/C/security.xml:691(para)
7174
4628
7175
4629
#: serverguide/C/security.xml:694(programlisting)
7176
4630
#, no-wrap
7177
msgid ""
7178
"\n"
7179
"net/ipv4/ip_forward=1\n"
4631
msgid "\nnet/ipv4/ip_forward=1\n"
7180
4632
msgstr ""
7181
4633
7182
4634
#: serverguide/C/security.xml:697(para)
7185
4637
7186
4638
#: serverguide/C/security.xml:700(programlisting)
7187
4639
#, no-wrap
7188
msgid ""
7189
"\n"
7190
"net/ipv6/conf/default/forwarding=1\n"
4640
msgid "\nnet/ipv6/conf/default/forwarding=1\n"
7191
4641
msgstr ""
7192
4642
7193
4643
#: serverguide/C/security.xml:705(para)
7194
msgid ""
7195
"Now we will add rules to the <filename>/etc/ufw/before.rules</filename> "
7196
"file. The default rules only configure the <emphasis>filter</emphasis> "
7197
"table, and to enable masquerading the <emphasis>nat</emphasis> table will "
7198
"need to be configured. Add the following to the top of the file just after "
7199
"the header comments:"
4644
msgid "Now we will add rules to the <filename>/etc/ufw/before.rules</filename> file. The default rules only configure the <emphasis>filter</emphasis> table, and to enable masquerading the <emphasis>nat</emphasis> table will need to be configured. Add the following to the top of the file just after the header comments:"
7200
4645
msgstr ""
7201
4646
7202
4647
#: serverguide/C/security.xml:710(programlisting)
7203
4648
#, no-wrap
7204
msgid ""
7205
"\n"
7206
"# nat Table rules\n"
7207
"*nat\n"
7208
":POSTROUTING ACCEPT [0:0]\n"
7209
"\n"
7210
"# Forward traffic from eth1 through eth0.\n"
7211
"-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n"
7212
"\n"
7213
"# don't delete the 'COMMIT' line or these nat table rules won't be "
7214
"processed\n"
7215
"COMMIT\n"
4649
msgid "\n# nat Table rules\n*nat\n:POSTROUTING ACCEPT [0:0]\n\n# Forward traffic from eth1 through eth0.\n-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE\n\n# don't delete the 'COMMIT' line or these nat table rules won't be processed\nCOMMIT\n"
7216
4650
msgstr ""
7217
4651
7218
4652
#: serverguide/C/security.xml:721(para)
7219
msgid ""
7220
"The comments are not strictly necessary, but it is considered good practice "
7221
"to document your configuration. Also, when modifying any of the "
7222
"<emphasis>rules</emphasis> files in <filename "
7223
"class=\"directory\">/etc/ufw</filename>, make sure these lines are the last "
7224
"line for each table modified:"
4653
msgid "The comments are not strictly necessary, but it is considered good practice to document your configuration. Also, when modifying any of the <emphasis>rules</emphasis> files in <filename class=\"directory\">/etc/ufw</filename>, make sure these lines are the last line for each table modified:"
7225
4654
msgstr ""
7226
4655
7227
4656
#: serverguide/C/security.xml:727(programlisting)
7228
4657
#, no-wrap
7229
msgid ""
7230
"\n"
7231
"# don't delete the 'COMMIT' line or these rules won't be processed\n"
7232
"COMMIT\n"
4658
msgid "\n# don't delete the 'COMMIT' line or these rules won't be processed\nCOMMIT\n"
7233
4659
msgstr ""
7234
4660
7235
4661
#: serverguide/C/security.xml:732(para)
7236
msgid ""
7237
"For each <emphasis>Table</emphasis> a corresponding "
7238
"<emphasis>COMMIT</emphasis> statement is required. In these examples only "
7239
"the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are "
7240
"shown, but you can also add rules for the <emphasis>raw</emphasis> and "
7241
"<emphasis>mangle</emphasis> tables."
4662
msgid "For each <emphasis>Table</emphasis> a corresponding <emphasis>COMMIT</emphasis> statement is required. In these examples only the <emphasis>nat</emphasis> and <emphasis>filter</emphasis> tables are shown, but you can also add rules for the <emphasis>raw</emphasis> and <emphasis>mangle</emphasis> tables."
7242
4663
msgstr ""
7243
4664
7244
4665
#: serverguide/C/security.xml:739(para)
7245
msgid ""
7246
"In the above example replace <emphasis>eth0</emphasis>, "
7247
"<emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the "
7248
"appropriate interfaces and IP range for your network."
4666
msgid "In the above example replace <emphasis>eth0</emphasis>, <emphasis>eth1</emphasis>, and <emphasis>192.168.0.0/24</emphasis> with the appropriate interfaces and IP range for your network."
7249
4667
msgstr ""
7250
4668
7251
4669
#: serverguide/C/security.xml:747(para)
7252
msgid ""
7253
"Finally, disable and re-enable <application>ufw</application> to apply the "
7254
"changes:"
4670
msgid "Finally, disable and re-enable <application>ufw</application> to apply the changes:"
7255
4671
msgstr ""
7256
4672
7257
4673
#: serverguide/C/security.xml:751(command)
7259
4675
msgstr ""
7260
4676
7261
4677
#: serverguide/C/security.xml:755(para)
7262
msgid ""
7263
"IP Masquerading should now be enabled. You can also add any additional "
7264
"FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is "
7265
"recommended that these additional rules be added to the <emphasis>ufw-before-"
7266
"forward</emphasis> chain."
4678
msgid "IP Masquerading should now be enabled. You can also add any additional FORWARD rules to the <filename>/etc/ufw/before.rules</filename>. It is recommended that these additional rules be added to the <emphasis>ufw-before-forward</emphasis> chain."
7267
4679
msgstr ""
7268
4680
7269
4681
#: serverguide/C/security.xml:762(title)
7271
4683
msgstr ""
7272
4684
7273
4685
#: serverguide/C/security.xml:763(para)
7274
msgid ""
7275
"<application>iptables</application> can also be used to enable masquerading."
4686
msgid "<application>iptables</application> can also be used to enable masquerading."
7276
4687
msgstr ""
7277
4688
7278
4689
#: serverguide/C/security.xml:768(para)
7279
msgid ""
7280
"Similar to <application>ufw</application>, the first step is to enable IPv4 "
7281
"packet forwarding by editing <filename>/etc/sysctl.conf</filename> and "
7282
"uncomment the following line"
4690
msgid "Similar to <application>ufw</application>, the first step is to enable IPv4 packet forwarding by editing <filename>/etc/sysctl.conf</filename> and uncomment the following line"
7283
4691
msgstr ""
7284
4692
7285
4693
#: serverguide/C/security.xml:772(programlisting)
7286
4694
#, no-wrap
7287
msgid ""
7288
"\n"
7289
"net.ipv4.ip_forward=1\n"
4695
msgid "\nnet.ipv4.ip_forward=1\n"
7290
4696
msgstr ""
7291
4697
7292
4698
#: serverguide/C/security.xml:775(para)
7295
4701
7296
4702
#: serverguide/C/security.xml:778(programlisting)
7297
4703
#, no-wrap
7298
msgid ""
7299
"\n"
7300
"net.ipv6.conf.default.forwarding=1\n"
4704
msgid "\nnet.ipv6.conf.default.forwarding=1\n"
7301
4705
msgstr ""
7302
4706
7303
4707
#: serverguide/C/security.xml:783(para)
7304
msgid ""
7305
"Next, execute the <application>sysctl</application> command to enable the "
7306
"new settings in the configuration file:"
4708
msgid "Next, execute the <application>sysctl</application> command to enable the new settings in the configuration file:"
7307
4709
msgstr ""
7308
4710
7309
4711
#: serverguide/C/security.xml:787(command)
7311
4713
msgstr ""
7312
4714
7313
4715
#: serverguide/C/security.xml:791(para)
7314
msgid ""
7315
"IP Masquerading can now be accomplished with a single iptables rule, which "
7316
"may differ slightly based on your network configuration:"
4716
msgid "IP Masquerading can now be accomplished with a single iptables rule, which may differ slightly based on your network configuration:"
7317
4717
msgstr ""
7318
4718
7319
4719
#: serverguide/C/security.xml:794(screen)
7320
4720
#, no-wrap
7321
msgid ""
7322
"\n"
7323
"sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
4721
msgid "\nsudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
7324
4722
msgstr ""
7325
4723
7326
4724
#: serverguide/C/security.xml:797(para)
7327
msgid ""
7328
"The above command assumes that your private address space is 192.168.0.0/16 "
7329
"and that your Internet-facing device is ppp0. The syntax is broken down as "
7330
"follows:"
4725
msgid "The above command assumes that your private address space is 192.168.0.0/16 and that your Internet-facing device is ppp0. The syntax is broken down as follows:"
7331
4726
msgstr ""
7332
4727
7333
4728
#: serverguide/C/security.xml:802(para)
7335
4730
msgstr ""
7336
4731
7337
4732
#: serverguide/C/security.xml:803(para)
7338
msgid ""
7339
"-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
4733
msgid "-A POSTROUTING -- the rule is to be appended (-A) to the POSTROUTING chain"
7340
4734
msgstr ""
7341
4735
7342
4736
#: serverguide/C/security.xml:804(para)
7343
msgid ""
7344
"-s 192.168.0.0/16 -- the rule applies to traffic originating from the "
7345
"specified address space"
4737
msgid "-s 192.168.0.0/16 -- the rule applies to traffic originating from the specified address space"
7346
4738
msgstr ""
7347
4739
7348
4740
#: serverguide/C/security.xml:805(para)
7349
msgid ""
7350
"-o ppp0 -- the rule applies to traffic scheduled to be routed through the "
7351
"specified network device"
4741
msgid "-o ppp0 -- the rule applies to traffic scheduled to be routed through the specified network device"
7352
4742
msgstr ""
7353
4743
7354
4744
#: serverguide/C/security.xml:807(para)
7355
msgid ""
7356
"-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the "
7357
"MASQUERADE target to be manipulated as described above"
4745
msgid "-j MASQUERADE -- traffic matching this rule is to \"jump\" (-j) to the MASQUERADE target to be manipulated as described above"
7358
4746
msgstr ""
7359
4747
7360
4748
#: serverguide/C/security.xml:815(para)
7361
msgid ""
7362
"Also, each chain in the filter table (the default table, and where most or "
7363
"all packet filtering occurs) has a default <emphasis>policy</emphasis> of "
7364
"ACCEPT, but if you are creating a firewall in addition to a gateway device, "
7365
"you may have set the policies to DROP or REJECT, in which case your "
7366
"masqueraded traffic needs to be allowed through the FORWARD chain for the "
7367
"above rule to work:"
4749
msgid "Also, each chain in the filter table (the default table, and where most or all packet filtering occurs) has a default <emphasis>policy</emphasis> of ACCEPT, but if you are creating a firewall in addition to a gateway device, you may have set the policies to DROP or REJECT, in which case your masqueraded traffic needs to be allowed through the FORWARD chain for the above rule to work:"
7368
4750
msgstr ""
7369
4751
7370
4752
#: serverguide/C/security.xml:822(screen)
7371
4753
#, no-wrap
7372
msgid ""
7373
"\n"
7374
"sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\n"
7375
"sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state "
7376
"ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
4754
msgid "\nsudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT\nsudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state ESTABLISHED,RELATED -i ppp0 -j ACCEPT\n"
7377
4755
msgstr ""
7378
4756
7379
4757
#: serverguide/C/security.xml:826(para)
7380
msgid ""
7381
"The above commands will allow all connections from your local network to the "
7382
"Internet and all traffic related to those connections to return to the "
7383
"machine that initiated them."
4758
msgid "The above commands will allow all connections from your local network to the Internet and all traffic related to those connections to return to the machine that initiated them."
7384
4759
msgstr ""
7385
4760
7386
4761
#: serverguide/C/security.xml:833(para)
7387
msgid ""
7388
"If you want masquerading to be enabled on reboot, which you probably do, "
7389
"edit <filename>/etc/rc.local</filename> and add any commands used above. For "
7390
"example add the first command with no filtering:"
4762
msgid "If you want masquerading to be enabled on reboot, which you probably do, edit <filename>/etc/rc.local</filename> and add any commands used above. For example add the first command with no filtering:"
7391
4763
msgstr ""
7392
4764
7393
4765
#: serverguide/C/security.xml:837(screen)
7394
4766
#, no-wrap
7395
msgid ""
7396
"\n"
7397
"iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
4767
msgid "\niptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE\n"
7398
4768
msgstr ""
7399
4769
7400
4770
#: serverguide/C/security.xml:845(title)
7402
4772
msgstr ""
7403
4773
7404
4774
#: serverguide/C/security.xml:846(para)
7405
msgid ""
7406
"Firewall logs are essential for recognizing attacks, troubleshooting your "
7407
"firewall rules, and noticing unusual activity on your network. You must "
7408
"include logging rules in your firewall for them to be generated, though, and "
7409
"logging rules must come before any applicable terminating rule (a rule with "
7410
"a target that decides the fate of the packet, such as ACCEPT, DROP, or "
7411
"REJECT)."
4775
msgid "Firewall logs are essential for recognizing attacks, troubleshooting your firewall rules, and noticing unusual activity on your network. You must include logging rules in your firewall for them to be generated, though, and logging rules must come before any applicable terminating rule (a rule with a target that decides the fate of the packet, such as ACCEPT, DROP, or REJECT)."
7412
4776
msgstr ""
7413
4777
7414
4778
#: serverguide/C/security.xml:853(para)
7415
msgid ""
7416
"If you are using <application>ufw</application>, you can turn on logging by "
7417
"entering the following in a terminal:"
4779
msgid "If you are using <application>ufw</application>, you can turn on logging by entering the following in a terminal:"
7418
4780
msgstr ""
7419
4781
7420
4782
#: serverguide/C/security.xml:857(command)
7422
4784
msgstr ""
7423
4785
7424
4786
#: serverguide/C/security.xml:859(para)
7425
msgid ""
7426
"To turn logging off in <application>ufw</application>, simply replace "
7427
"<emphasis role=\"italic\">on</emphasis> with <emphasis "
7428
"role=\"italic\">off</emphasis> in the above command."
4787
msgid "To turn logging off in <application>ufw</application>, simply replace <emphasis role=\"italic\">on</emphasis> with <emphasis role=\"italic\">off</emphasis> in the above command."
7429
4788
msgstr ""
7430
4789
7431
4790
#: serverguide/C/security.xml:862(para)
7432
msgid ""
7433
"If using <application>iptables</application> instead of "
7434
"<application>ufw</application>, enter:"
4791
msgid "If using <application>iptables</application> instead of <application>ufw</application>, enter:"
7435
4792
msgstr ""
7436
4793
7437
4794
#: serverguide/C/security.xml:865(screen)
7438
4795
#, no-wrap
7439
msgid ""
7440
"\n"
7441
"sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-"
7442
"prefix \"NEW_HTTP_CONN: \"\n"
4796
msgid "\nsudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j LOG --log-prefix \"NEW_HTTP_CONN: \"\n"
7443
4797
msgstr ""
7444
4798
7445
4799
#: serverguide/C/security.xml:868(para)
7446
msgid ""
7447
"A request on port 80 from the local machine, then, would generate a log in "
7448
"dmesg that looks like this:"
4800
msgid "A request on port 80 from the local machine, then, would generate a log in dmesg that looks like this:"
7449
4801
msgstr ""
7450
4802
7451
4803
#: serverguide/C/security.xml:873(programlisting)
7452
4804
#, no-wrap
7453
msgid ""
7454
"[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= "
7455
"MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 "
7456
"LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 "
7457
"WINDOW=32767 RES=0x00 SYN URGP=0"
4805
msgid "[4304885.870000] NEW_HTTP_CONN: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=58288 DF PROTO=TCP SPT=53981 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0"
7458
4806
msgstr ""
7459
4807
7460
4808
#: serverguide/C/security.xml:875(para)
7461
msgid ""
7462
"The above log will also appear in <filename>/var/log/messages</filename>, "
7463
"<filename>/var/log/syslog</filename>, and "
7464
"<filename>/var/log/kern.log</filename>. This behavior can be modified by "
7465
"editing <filename>/etc/syslog.conf</filename> appropriately or by installing "
7466
"and configuring <application>ulogd</application> and using the ULOG target "
7467
"instead of LOG. The <application>ulogd</application> daemon is a userspace "
7468
"server that listens for logging instructions from the kernel specifically "
7469
"for firewalls, and can log to any file you like, or even to a "
7470
"<application>PostgreSQL</application> or <application>MySQL</application> "
7471
"database. Making sense of your firewall logs can be simplified by using a "
7472
"log analyzing tool such as <application>fwanalog</application>, "
7473
"<application> fwlogwatch</application>, or <application>lire</application>."
4809
msgid "The above log will also appear in <filename>/var/log/messages</filename>, <filename>/var/log/syslog</filename>, and <filename>/var/log/kern.log</filename>. This behavior can be modified by editing <filename>/etc/syslog.conf</filename> appropriately or by installing and configuring <application>ulogd</application> and using the ULOG target instead of LOG. The <application>ulogd</application> daemon is a userspace server that listens for logging instructions from the kernel specifically for firewalls, and can log to any file you like, or even to a <application>PostgreSQL</application> or <application>MySQL</application> database. Making sense of your firewall logs can be simplified by using a log analyzing tool such as <application>fwanalog</application>, <application> fwlogwatch</application>, or <application>lire</application>."
7474
4810
msgstr ""
7475
4811
7476
4812
#: serverguide/C/security.xml:890(title)
7478
4814
msgstr ""
7479
4815
7480
4816
#: serverguide/C/security.xml:891(para)
7481
msgid ""
7482
"There are many tools available to help you construct a complete firewall "
7483
"without intimate knowledge of iptables. For the GUI-inclined:"
4817
msgid "There are many tools available to help you construct a complete firewall without intimate knowledge of iptables. For the GUI-inclined:"
7484
4818
msgstr ""
7485
4819
7486
4820
#: serverguide/C/security.xml:897(para)
7487
msgid ""
7488
"<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite "
7489
"popular and easy to use."
4821
msgid "<ulink url=\"http://www.fs-security.com/\">Firestarter</ulink> is quite popular and easy to use."
7490
4822
msgstr ""
7491
4823
7492
4824
#: serverguide/C/security.xml:902(para)
7493
msgid ""
7494
"<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful "
7495
"and will look familiar to an administrator who has used a commercial "
7496
"firewall utility such as <application>Checkpoint FireWall-1</application>."
4825
msgid "<ulink url=\"http://www.fwbuilder.org/\">fwbuilder</ulink> is very powerful and will look familiar to an administrator who has used a commercial firewall utility such as <application>Checkpoint FireWall-1</application>."
7497
4826
msgstr ""
7498
4827
7499
4828
#: serverguide/C/security.xml:908(para)
7500
msgid ""
7501
"If you prefer a command-line tool with plain-text configuration files:"
4829
msgid "If you prefer a command-line tool with plain-text configuration files:"
7502
4830
msgstr ""
7503
4831
7504
4832
#: serverguide/C/security.xml:913(para)
7505
msgid ""
7506
"<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very "
7507
"powerful solution to help you configure an advanced firewall for any network."
4833
msgid "<ulink url=\"http://www.shorewall.net/\">Shorewall</ulink> is a very powerful solution to help you configure an advanced firewall for any network."
7508
4834
msgstr ""
7509
4835
7510
4836
#: serverguide/C/security.xml:919(para)
7511
msgid ""
7512
"<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you "
7513
"a working firewall \"out of the box\" with zero configuration, and will "
7514
"allow you to easily set up a more advanced firewall by editing simple, well-"
7515
"documented configuration files."
4837
msgid "<ulink url=\"http://www.linuxkungfu.org/\">ipkungfu</ulink> should give you a working firewall \"out of the box\" with zero configuration, and will allow you to easily set up a more advanced firewall by editing simple, well-documented configuration files."
7516
4838
msgstr ""
7517
4839
7518
4840
#: serverguide/C/security.xml:926(para)
7519
msgid ""
7520
"<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is "
7521
"designed to be a desktop firewall application. It is made up of a server "
7522
"(fireflier-server) and your choice of GUI clients (GTK or QT), and behaves "
7523
"like many popular interactive firewall applications for Windows."
4841
msgid "<ulink url=\"http://fireflier.sourceforge.net/\">fireflier</ulink> is designed to be a desktop firewall application. It is made up of a server (fireflier-server) and your choice of GUI clients (GTK or QT), and behaves like many popular interactive firewall applications for Windows."
7524
4842
msgstr ""
7525
4843
7526
4844
#: serverguide/C/security.xml:938(para)
7527
msgid ""
7528
"The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu "
7529
"Firewall</ulink> wiki page contains information on the development of "
7530
"<application>ufw</application>."
4845
msgid "The <ulink url=\"https://wiki.ubuntu.com/UbuntuFirewall\">Ubuntu Firewall</ulink> wiki page contains information on the development of <application>ufw</application>."
7531
4846
msgstr ""
7532
4847
7533
4848
#: serverguide/C/security.xml:944(para)
7534
msgid ""
7535
"Also, the <application>ufw</application> manual page contains some very "
7536
"useful information: <command>man ufw</command>."
4849
msgid "Also, the <application>ufw</application> manual page contains some very useful information: <command>man ufw</command>."
7537
4850
msgstr ""
7538
4851
7539
4852
#: serverguide/C/security.xml:949(para)
7540
msgid ""
7541
"See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-"
7542
"filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information "
7543
"on using <application>iptables</application>."
4853
msgid "See the <ulink url=\"http://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html\">packet-filtering-HOWTO</ulink> for more information on using <application>iptables</application>."
7544
4854
msgstr ""
7545
4855
7546
4856
#: serverguide/C/security.xml:955(para)
7547
msgid ""
7548
"The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-"
7549
"HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
4857
msgid "The <ulink url=\"http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO.html\">nat-HOWTO</ulink> contains further details on masquerading."
7550
4858
msgstr ""
7551
4859
7552
4860
#: serverguide/C/security.xml:964(title)
7554
4862
msgstr ""
7555
4863
7556
4864
#: serverguide/C/security.xml:965(para)
7557
msgid ""
7558
"<application>AppArmor</application> is a Linux Security Module "
7559
"implementation of name-based mandatory access controls. AppArmor confines "
7560
"individual programs to a set of listed files and posix 1003.1e draft "
7561
"capabilities."
4865
msgid "<application>AppArmor</application> is a Linux Security Module implementation of name-based mandatory access controls. AppArmor confines individual programs to a set of listed files and posix 1003.1e draft capabilities."
7562
4866
msgstr ""
7563
4867
7564
4868
#: serverguide/C/security.xml:969(para)
7565
msgid ""
7566
"<application>AppArmor</application> is installed and loaded by default. It "
7567
"uses <emphasis>profiles</emphasis> of an application to determine what files "
7568
"and permissions the application requires. Some packages will install their "
7569
"own profiles, and additional profiles can be found in the "
7570
"<application>apparmor-profiles</application> package."
4869
msgid "<application>AppArmor</application> is installed and loaded by default. It uses <emphasis>profiles</emphasis> of an application to determine what files and permissions the application requires. Some packages will install their own profiles, and additional profiles can be found in the <application>apparmor-profiles</application> package."
7571
4870
msgstr ""
7572
4871
7573
4872
#: serverguide/C/security.xml:974(para)
7574
msgid ""
7575
"To install the <application>apparmor-profiles</application> package from a "
7576
"terminal prompt:"
4873
msgid "To install the <application>apparmor-profiles</application> package from a terminal prompt:"
7577
4874
msgstr ""
7578
4875
7579
4876
#: serverguide/C/security.xml:980(para)
7581
4878
msgstr ""
7582
4879
7583
4880
#: serverguide/C/security.xml:985(para)
7584
msgid ""
7585
"Complaining/Learning: profile violations are permitted and logged. Useful "
7586
"for testing and developing new profiles."
4881
msgid "Complaining/Learning: profile violations are permitted and logged. Useful for testing and developing new profiles."
7587
4882
msgstr ""
7588
4883
7589
4884
#: serverguide/C/security.xml:990(para)
7590
msgid ""
7591
"Enforced/Confined: enforces profile policy as well as logging the violation."
4885
msgid "Enforced/Confined: enforces profile policy as well as logging the violation."
7592
4886
msgstr ""
7593
4887
7594
4888
#: serverguide/C/security.xml:996(title)
7596
4890
msgstr ""
7597
4891
7598
4892
#: serverguide/C/security.xml:997(para)
7599
msgid ""
7600
"The <application>apparmor-utils</application> package contains command line "
7601
"utilities that you can use to change the <application>AppArmor</application> "
7602
"execution mode, find the status of a profile, create new profiles, etc."
4893
msgid "The <application>apparmor-utils</application> package contains command line utilities that you can use to change the <application>AppArmor</application> execution mode, find the status of a profile, create new profiles, etc."
7603
4894
msgstr ""
7604
4895
7605
4896
#: serverguide/C/security.xml:1003(para)
7606
msgid ""
7607
"<application>apparmor_status</application> is used to view the current "
7608
"status of AppArmor profiles."
4897
msgid "<application>apparmor_status</application> is used to view the current status of AppArmor profiles."
7609
4898
msgstr ""
7610
4899
7611
4900
#: serverguide/C/security.xml:1007(command)
7613
4902
msgstr ""
7614
4903
7615
4904
#: serverguide/C/security.xml:1011(para)
7616
msgid ""
7617
"<application>aa-complain</application> places a profile into "
7618
"<emphasis>complain</emphasis> mode."
4905
msgid "<application>aa-complain</application> places a profile into <emphasis>complain</emphasis> mode."
7619
4906
msgstr ""
7620
4907
7621
4908
#: serverguide/C/security.xml:1015(command)
7623
4910
msgstr ""
7624
4911
7625
4912
#: serverguide/C/security.xml:1019(para)
7626
msgid ""
7627
"<application>aa-enforce</application> places a profile into "
7628
"<emphasis>enforce</emphasis> mode."
4913
msgid "<application>aa-enforce</application> places a profile into <emphasis>enforce</emphasis> mode."
7629
4914
msgstr ""
7630
4915
7631
4916
#: serverguide/C/security.xml:1023(command)
7633
4918
msgstr ""
7634
4919
7635
4920
#: serverguide/C/security.xml:1027(para)
7636
msgid ""
7637
"The <filename>/etc/apparmor.d</filename> directory is where the AppArmor "
7638
"profiles are located. It can be used to manipulate the "
7639
"<emphasis>mode</emphasis> of all profiles."
4921
msgid "The <filename>/etc/apparmor.d</filename> directory is where the AppArmor profiles are located. It can be used to manipulate the <emphasis>mode</emphasis> of all profiles."
7640
4922
msgstr ""
7641
4923
7642
4924
#: serverguide/C/security.xml:1031(para)
7656
4938
msgstr ""
7657
4939
7658
4940
#: serverguide/C/security.xml:1045(para)
7659
msgid ""
7660
"<application>apparmor_parser</application> is used to load a profile into "
7661
"the kernel. It can also be used to reload a currently loaded profile using "
7662
"the <emphasis>-r</emphasis> option. To load a profile:"
4941
msgid "<application>apparmor_parser</application> is used to load a profile into the kernel. It can also be used to reload a currently loaded profile using the <emphasis>-r</emphasis> option. To load a profile:"
7663
4942
msgstr ""
7664
4943
7665
4944
#: serverguide/C/security.xml:1050(command) serverguide/C/security.xml:1082(command)
7675
4954
msgstr ""
7676
4955
7677
4956
#: serverguide/C/security.xml:1060(para)
7678
msgid ""
7679
"<filename>/etc/init.d/apparmor</filename> can be used to "
7680
"<emphasis>reload</emphasis> all profiles:"
4957
msgid "<filename>/etc/init.d/apparmor</filename> can be used to <emphasis>reload</emphasis> all profiles:"
7681
4958
msgstr ""
7682
4959
7683
4960
#: serverguide/C/security.xml:1064(command)
7685
4962
msgstr ""
7686
4963
7687
4964
#: serverguide/C/security.xml:1068(para)
7688
msgid ""
7689
"The <filename>/etc/apparmor.d/disable</filename> directory can be used along "
7690
"with the <application>apparmor_parser -R</application> option to "
7691
"<emphasis>disable</emphasis> a profile."
4965
msgid "The <filename>/etc/apparmor.d/disable</filename> directory can be used along with the <application>apparmor_parser -R</application> option to <emphasis>disable</emphasis> a profile."
7692
4966
msgstr ""
7693
4967
7694
4968
#: serverguide/C/security.xml:1073(command)
7700
4974
msgstr ""
7701
4975
7702
4976
#: serverguide/C/security.xml:1076(para)
7703
msgid ""
7704
"To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic "
7705
"link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then "
7706
"load the profile using the <emphasis>-a</emphasis> option."
4977
msgid "To <emphasis>re-enable</emphasis> a disabled profile remove the symbolic link to the profile in <filename>/etc/apparmor.d/disable/</filename>. Then load the profile using the <emphasis>-a</emphasis> option."
7707
4978
msgstr ""
7708
4979
7709
4980
#: serverguide/C/security.xml:1081(command)
7711
4982
msgstr ""
7712
4983
7713
4984
#: serverguide/C/security.xml:1086(para)
7714
msgid ""
7715
"<application>AppArmor</application> can be disabled, and the kernel module "
7716
"unloaded by entering the following:"
4985
msgid "<application>AppArmor</application> can be disabled, and the kernel module unloaded by entering the following:"
7717
4986
msgstr ""
7718
4987
7719
4988
#: serverguide/C/security.xml:1090(command)
7737
5006
msgstr ""
7738
5007
7739
5008
#: serverguide/C/security.xml:1105(para)
7740
msgid ""
7741
"Replace <emphasis>profile.name</emphasis> with the name of the profile you "
7742
"want to manipulate. Also, replace <filename>/path/to/bin/</filename> with "
7743
"the actual executable file path. For example for the "
7744
"<application>ping</application> command use <filename>/bin/ping</filename>"
5009
msgid "Replace <emphasis>profile.name</emphasis> with the name of the profile you want to manipulate. Also, replace <filename>/path/to/bin/</filename> with the actual executable file path. For example for the <application>ping</application> command use <filename>/bin/ping</filename>"
7745
5010
msgstr ""
7746
5011
7747
5012
#: serverguide/C/security.xml:1113(title)
7749
5014
msgstr ""
7750
5015
7751
5016
#: serverguide/C/security.xml:1114(para)
7752
msgid ""
7753
"<application>AppArmor</application> profiles are simple text files located "
7754
"in <filename>/etc/apparmor.d/</filename>. The files are named after the full "
7755
"path to the executable they profile replacing the \"/\" with \".\". For "
7756
"example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor "
7757
"profile for the <filename>/bin/ping</filename> command."
5017
msgid "<application>AppArmor</application> profiles are simple text files located in <filename>/etc/apparmor.d/</filename>. The files are named after the full path to the executable they profile replacing the \"/\" with \".\". For example <filename>/etc/apparmor.d/bin.ping</filename> is the AppArmor profile for the <filename>/bin/ping</filename> command."
7758
5018
msgstr ""
7759
5019
7760
5020
#: serverguide/C/security.xml:1120(para)
7762
5022
msgstr ""
7763
5023
7764
5024
#: serverguide/C/security.xml:1125(para)
7765
msgid ""
7766
"<emphasis>Path entries:</emphasis> which detail which files an application "
7767
"can access in the file system."
5025
msgid "<emphasis>Path entries:</emphasis> which detail which files an application can access in the file system."
7768
5026
msgstr ""
7769
5027
7770
5028
#: serverguide/C/security.xml:1130(para)
7771
msgid ""
7772
"<emphasis>Capability entries:</emphasis> determine what privileges a "
7773
"confined process is allowed to use."
5029
msgid "<emphasis>Capability entries:</emphasis> determine what privileges a confined process is allowed to use."
7774
5030
msgstr ""
7775
5031
7776
5032
#: serverguide/C/security.xml:1135(para)
7777
msgid ""
7778
"As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
5033
msgid "As an example take a look at <filename>/etc/apparmor.d/bin.ping</filename>:"
7779
5034
msgstr ""
7780
5035
7781
5036
#: serverguide/C/security.xml:1138(programlisting)
7782
5037
#, no-wrap
7783
msgid ""
7784
"\n"
7785
"#include <tunables/global>\n"
7786
"/bin/ping flags=(complain) {\n"
7787
" #include <abstractions/base>\n"
7788
" #include <abstractions/consoles>\n"
7789
" #include <abstractions/nameservice>\n"
7790
"\n"
7791
" capability net_raw,\n"
7792
" capability setuid,\n"
7793
" network inet raw,\n"
7794
" \n"
7795
" /bin/ping mixr,\n"
7796
" /etc/modules.conf r,\n"
7797
"}\n"
5038
msgid "\n#include <tunables/global>\n/bin/ping flags=(complain) {\n #include <abstractions/base>\n #include <abstractions/consoles>\n #include <abstractions/nameservice>\n\n capability net_raw,\n capability setuid,\n network inet raw,\n \n /bin/ping mixr,\n /etc/modules.conf r,\n}\n"
7798
5039
msgstr ""
7799
5040
7800
5041
#: serverguide/C/security.xml:1155(para)
7801
msgid ""
7802
"<emphasis>#include <tunables/global>:</emphasis> include statements "
7803
"from other files. This allows statements pertaining to multiple applications "
7804
"to be placed in a common file."
5042
msgid "<emphasis>#include <tunables/global>:</emphasis> include statements from other files. This allows statements pertaining to multiple applications to be placed in a common file."
7805
5043
msgstr ""
7806
5044
7807
5045
#: serverguide/C/security.xml:1161(para)
7808
msgid ""
7809
"<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled "
7810
"program, also setting the mode to <emphasis>complain</emphasis>."
5046
msgid "<emphasis>/bin/ping flags=(complain):</emphasis> path to the profiled program, also setting the mode to <emphasis>complain</emphasis>."
7811
5047
msgstr ""
7812
5048
7813
5049
#: serverguide/C/security.xml:1167(para)
7814
msgid ""
7815
"<emphasis>capability net_raw,:</emphasis> allows the application access to "
7816
"the CAP_NET_RAW Posix.1e capability."
5050
msgid "<emphasis>capability net_raw,:</emphasis> allows the application access to the CAP_NET_RAW Posix.1e capability."
7817
5051
msgstr ""
7818
5052
7819
5053
#: serverguide/C/security.xml:1172(para)
7820
msgid ""
7821
"<emphasis>/bin/ping mixr,:</emphasis> allows the application read and "
7822
"execute access to the file."
5054
msgid "<emphasis>/bin/ping mixr,:</emphasis> allows the application read and execute access to the file."
7823
5055
msgstr ""
7824
5056
7825
5057
#: serverguide/C/security.xml:1178(para)
7826
msgid ""
7827
"After editing a profile file the profile must be reloaded. See <xref "
7828
"linkend=\"apparmor-usage\"/> for details."
5058
msgid "After editing a profile file the profile must be reloaded. See <xref linkend=\"apparmor-usage\"/> for details."
7829
5059
msgstr ""
7830
5060
7831
5061
#: serverguide/C/security.xml:1183(title)
7833
5063
msgstr ""
7834
5064
7835
5065
#: serverguide/C/security.xml:1186(para)
7836
msgid ""
7837
"<emphasis>Design a test plan:</emphasis> Try to think about how the "
7838
"application should be exercised. The test plan should be divided into small "
7839
"test cases. Each test case should have a small description and list the "
7840
"steps to follow."
5066
msgid "<emphasis>Design a test plan:</emphasis> Try to think about how the application should be exercised. The test plan should be divided into small test cases. Each test case should have a small description and list the steps to follow."
7841
5067
msgstr ""
7842
5068
7843
5069
#: serverguide/C/security.xml:1190(para)
7861
5087
msgstr ""
7862
5088
7863
5089
#: serverguide/C/security.xml:1217(para)
7864
msgid ""
7865
"<emphasis>Generate the new profile:</emphasis> Use <application>aa-"
7866
"genprof</application> to generate a new profile. From a terminal:"
5090
msgid "<emphasis>Generate the new profile:</emphasis> Use <application>aa-genprof</application> to generate a new profile. From a terminal:"
7867
5091
msgstr ""
7868
5092
7869
5093
#: serverguide/C/security.xml:1222(command)
7879
5103
msgstr ""
7880
5104
7881
5105
#: serverguide/C/security.xml:1232(para)
7882
msgid ""
7883
"To get your new profile included in the <application>apparmor-"
7884
"profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> "
7885
"against the <ulink "
7886
"url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor<"
7887
"/ulink> package:"
5106
msgid "To get your new profile included in the <application>apparmor-profiles</application> package, file a bug in <emphasis>Launchpad</emphasis> against the <ulink url=\"https://bugs.launchpad.net/ubuntu/+source/apparmor/+filebug\">AppArmor</ulink> package:"
7888
5107
msgstr ""
7889
5108
7890
5109
#: serverguide/C/security.xml:1239(para)
7900
5119
msgstr ""
7901
5120
7902
5121
#: serverguide/C/security.xml:1254(para)
7903
msgid ""
7904
"When the program is misbehaving, audit messages are sent to the log files. "
7905
"The program <application>aa-logprof</application> can be used to scan log "
7906
"files for <application>AppArmor</application> audit messages, review them "
7907
"and update the profiles. From a terminal:"
5122
msgid "When the program is misbehaving, audit messages are sent to the log files. The program <application>aa-logprof</application> can be used to scan log files for <application>AppArmor</application> audit messages, review them and update the profiles. From a terminal:"
7908
5123
msgstr ""
7909
5124
7910
5125
#: serverguide/C/security.xml:1259(command)
7912
5127
msgstr ""
7913
5128
7914
5129
#: serverguide/C/security.xml:1267(para)
7915
msgid ""
7916
"See the <ulink "
7917
"url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/ind"
7918
"ex.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmo"
7919
"r_admin.html\">AppArmor Administration Guide</ulink> for advanced "
7920
"configuration options."
5130
msgid "See the <ulink url=\"http://www.novell.com/documentation/apparmor/apparmor201_sp10_admin/index.html?page=/documentation/apparmor/apparmor201_sp10_admin/data/book_apparmor_admin.html\">AppArmor Administration Guide</ulink> for advanced configuration options."
7921
5131
msgstr ""
7922
5132
7923
5133
#: serverguide/C/security.xml:1274(para)
7924
msgid ""
7925
"For details using AppArmor with other Ubuntu releases see the <ulink "
7926
"url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community "
7927
"Wiki</ulink> page."
5134
msgid "For details using AppArmor with other Ubuntu releases see the <ulink url=\"https://help.ubuntu.com/community/AppArmor\"> AppArmor Community Wiki</ulink> page."
7928
5135
msgstr ""
7929
5136
7930
5137
#: serverguide/C/security.xml:1282(para)
7931
msgid ""
7932
"The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> "
7933
"page is another introduction to AppArmor."
5138
msgid "The <ulink url=\"http://en.opensuse.org/AppArmor\">OpenSUSE AppArmor</ulink> page is another introduction to AppArmor."
7934
5139
msgstr ""
7935
5140
7936
5141
#: serverguide/C/security.xml:1289(para)
7937
msgid ""
7938
"A great place to ask for <application>AppArmor</application> assistance, and "
7939
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
7940
"server</emphasis> IRC channel on <ulink "
7941
"url=\"http://freenode.net\">freenode</ulink>."
5142
msgid "A great place to ask for <application>AppArmor</application> assistance, and get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-server</emphasis> IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
7942
5143
msgstr ""
7943
5144
7944
5145
#: serverguide/C/security.xml:1299(title)
7946
5147
msgstr ""
7947
5148
7948
5149
#: serverguide/C/security.xml:1300(para)
7949
msgid ""
7950
"One of the most common forms of cryptography today is <emphasis>public-"
7951
"key</emphasis> cryptography. Public-key cryptography utilizes a "
7952
"<emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The "
7953
"system works by <emphasis>encrypting</emphasis> information using the public "
7954
"key. The information can then only be <emphasis>decrypted</emphasis> using "
7955
"the private key."
5150
msgid "One of the most common forms of cryptography today is <emphasis>public-key</emphasis> cryptography. Public-key cryptography utilizes a <emphasis>public key</emphasis> and a <emphasis>private key</emphasis>. The system works by <emphasis>encrypting</emphasis> information using the public key. The information can then only be <emphasis>decrypted</emphasis> using the private key."
7956
5151
msgstr ""
7957
5152
7958
5153
#: serverguide/C/security.xml:1306(para)
7959
msgid ""
7960
"A common use for public-key cryptography is encrypting application traffic "
7961
"using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) "
7962
"connection. For example, configuring Apache to provide "
7963
"<emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to "
7964
"encrypt traffic using a protocol that does not itself provide encryption."
5154
msgid "A common use for public-key cryptography is encrypting application traffic using a Secure Socket Layer (SSL) or Transport Layer Security (TLS) connection. For example, configuring Apache to provide <emphasis>HTTPS</emphasis>, the HTTP protocol over SSL. This allows a way to encrypt traffic using a protocol that does not itself provide encryption."
7965
5155
msgstr ""
7966
5156
7967
5157
#: serverguide/C/security.xml:1311(para)
7968
msgid ""
7969
"A <emphasis>Certificate</emphasis> is a method used to distribute a "
7970
"<emphasis>public key</emphasis> and other information about a server and the "
7971
"organization who is responsible for it. Certificates can be digitally signed "
7972
"by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted "
7973
"third party that has confirmed that the information contained in the "
7974
"certificate is accurate."
5158
msgid "A <emphasis>Certificate</emphasis> is a method used to distribute a <emphasis>public key</emphasis> and other information about a server and the organization who is responsible for it. Certificates can be digitally signed by a <emphasis>Certification Authority</emphasis> or CA. A CA is a trusted third party that has confirmed that the information contained in the certificate is accurate."
7975
5159
msgstr ""
7976
5160
7977
5161
#: serverguide/C/security.xml:1318(title)
7979
5163
msgstr ""
7980
5164
7981
5165
#: serverguide/C/security.xml:1319(para)
7982
msgid ""
7983
"To set up a secure server using public-key cryptography, in most cases, you "
7984
"send your certificate request (including your public key), proof of your "
7985
"company's identity, and payment to a CA. The CA verifies the certificate "
7986
"request and your identity, and then sends back a certificate for your secure "
7987
"server. Alternatively, you can create your own <emphasis>self-"
7988
"signed</emphasis> certificate."
5166
msgid "To set up a secure server using public-key cryptography, in most cases, you send your certificate request (including your public key), proof of your company's identity, and payment to a CA. The CA verifies the certificate request and your identity, and then sends back a certificate for your secure server. Alternatively, you can create your own <emphasis>self-signed</emphasis> certificate."
7989
5167
msgstr ""
7990
5168
7991
5169
#: serverguide/C/security.xml:1329(para)
7992
msgid ""
7993
"Note, that self-signed certificates should not be used in most production "
7994
"environments."
5170
msgid "Note, that self-signed certificates should not be used in most production environments."
7995
5171
msgstr ""
7996
5172
7997
5173
#: serverguide/C/security.xml:1333(para)
7998
msgid ""
7999
"Continuing the HTTPS example, a CA-signed certificate provides two important "
8000
"capabilities that a self-signed certificate does not:"
5174
msgid "Continuing the HTTPS example, a CA-signed certificate provides two important capabilities that a self-signed certificate does not:"
8001
5175
msgstr ""
8002
5176
8003
5177
#: serverguide/C/security.xml:1340(para)
8004
msgid ""
8005
"Browsers (usually) automatically recognize the certificate and allow a "
8006
"secure connection to be made without prompting the user."
5178
msgid "Browsers (usually) automatically recognize the certificate and allow a secure connection to be made without prompting the user."
8007
5179
msgstr ""
8008
5180
8009
5181
#: serverguide/C/security.xml:1347(para)
8010
msgid ""
8011
"When a CA issues a signed certificate, it is guaranteeing the identity of "
8012
"the organization that is providing the web pages to the browser."
5182
msgid "When a CA issues a signed certificate, it is guaranteeing the identity of the organization that is providing the web pages to the browser."
8013
5183
msgstr ""
8014
5184
8015
5185
#: serverguide/C/security.xml:1355(para)
8016
msgid ""
8017
"Most Web browsers, and computers, that support SSL have a list of CAs whose "
8018
"certificates they automatically accept. If a browser encounters a "
8019
"certificate whose authorizing CA is not in the list, the browser asks the "
8020
"user to either accept or decline the connection. Also, other applications "
8021
"may generate an error message when using a self-singed certificate."
5186
msgid "Most Web browsers, and computers, that support SSL have a list of CAs whose certificates they automatically accept. If a browser encounters a certificate whose authorizing CA is not in the list, the browser asks the user to either accept or decline the connection. Also, other applications may generate an error message when using a self-singed certificate."
8022
5187
msgstr ""
8023
5188
8024
5189
#: serverguide/C/security.xml:1363(para)
8025
msgid ""
8026
"The process of getting a certificate from a CA is fairly easy. A quick "
8027
"overview is as follows:"
5190
msgid "The process of getting a certificate from a CA is fairly easy. A quick overview is as follows:"
8028
5191
msgstr ""
8029
5192
8030
5193
#: serverguide/C/security.xml:1370(para)
8032
5195
msgstr ""
8033
5196
8034
5197
#: serverguide/C/security.xml:1373(para)
8035
msgid ""
8036
"Create a certificate request based on the public key. The certificate "
8037
"request contains information about your server and the company hosting it."
5198
msgid "Create a certificate request based on the public key. The certificate request contains information about your server and the company hosting it."
8038
5199
msgstr ""
8039
5200
8040
5201
#: serverguide/C/security.xml:1378(para)
8041
msgid ""
8042
"Send the certificate request, along with documents proving your identity, to "
8043
"a CA. We cannot tell you which certificate authority to choose. Your "
8044
"decision may be based on your past experiences, or on the experiences of "
8045
"your friends or colleagues, or purely on monetary factors."
5202
msgid "Send the certificate request, along with documents proving your identity, to a CA. We cannot tell you which certificate authority to choose. Your decision may be based on your past experiences, or on the experiences of your friends or colleagues, or purely on monetary factors."
8046
5203
msgstr ""
8047
5204
8048
5205
#: serverguide/C/security.xml:1384(para)
8049
msgid ""
8050
"Once you have decided upon a CA, you need to follow the instructions they "
8051
"provide on how to obtain a certificate from them."
5206
msgid "Once you have decided upon a CA, you need to follow the instructions they provide on how to obtain a certificate from them."
8052
5207
msgstr ""
8053
5208
8054
5209
#: serverguide/C/security.xml:1389(para)
8055
msgid ""
8056
"When the CA is satisfied that you are indeed who you claim to be, they send "
8057
"you a digital certificate."
5210
msgid "When the CA is satisfied that you are indeed who you claim to be, they send you a digital certificate."
8058
5211
msgstr ""
8059
5212
8060
5213
#: serverguide/C/security.xml:1393(para)
8061
msgid ""
8062
"Install this certificate on your secure server, and configure the "
8063
"appropriate applications to use the certificate."
5214
msgid "Install this certificate on your secure server, and configure the appropriate applications to use the certificate."
8064
5215
msgstr ""
8065
5216
8066
5217
#: serverguide/C/security.xml:1402(title)
8068
5219
msgstr ""
8069
5220
8070
5221
#: serverguide/C/security.xml:1404(para)
8071
msgid ""
8072
"Whether you are getting a certificate from a CA or generating your own self-"
8073
"signed certificate, the first step is to generate a key."
5222
msgid "Whether you are getting a certificate from a CA or generating your own self-signed certificate, the first step is to generate a key."
8074
5223
msgstr ""
8075
5224
8076
5225
#: serverguide/C/security.xml:1409(para)
8077
msgid ""
8078
"If the certificate will be used by service daemons, such as Apache, Postfix, "
8079
"Dovecot, etc, a key without a passphrase is often appropriate. Not having a "
8080
"passphrase allows the services to start without manual intervention, usually "
8081
"the preferred way to start a daemon."
5226
msgid "If the certificate will be used by service daemons, such as Apache, Postfix, Dovecot, etc, a key without a passphrase is often appropriate. Not having a passphrase allows the services to start without manual intervention, usually the preferred way to start a daemon."
8082
5227
msgstr ""
8083
5228
8084
5229
#: serverguide/C/security.xml:1415(para)
8085
msgid ""
8086
"This section will cover generating a key with a passphrase, and one without. "
8087
"The non-passphrase key will then be used to generate a certificate that can "
8088
"be used with various service daemons."
5230
msgid "This section will cover generating a key with a passphrase, and one without. The non-passphrase key will then be used to generate a certificate that can be used with various service daemons."
8089
5231
msgstr ""
8090
5232
8091
5233
#: serverguide/C/security.xml:1421(para)
8092
msgid ""
8093
"Running your secure service without a passphrase is convenient because you "
8094
"will not need to enter the passphrase every time you start your secure "
8095
"service. But it is insecure and a compromise of the key means a compromise "
8096
"of the server as well."
5234
msgid "Running your secure service without a passphrase is convenient because you will not need to enter the passphrase every time you start your secure service. But it is insecure and a compromise of the key means a compromise of the server as well."
8097
5235
msgstr ""
8098
5236
8099
5237
#: serverguide/C/security.xml:1428(para)
8100
msgid ""
8101
"To generate the <emphasis>keys</emphasis> for the Certificate Signing "
8102
"Request (CSR) run the following command from a terminal prompt:"
5238
msgid "To generate the <emphasis>keys</emphasis> for the Certificate Signing Request (CSR) run the following command from a terminal prompt:"
8103
5239
msgstr ""
8104
5240
8105
5241
#: serverguide/C/security.xml:1434(command)
8108
5244
8109
5245
#: serverguide/C/security.xml:1437(programlisting)
8110
5246
#, no-wrap
8111
msgid ""
8112
"\n"
8113
"Generating RSA private key, 1024 bit long modulus\n"
8114
".....................++++++\n"
8115
".................++++++\n"
8116
"unable to write 'random state'\n"
8117
"e is 65537 (0x10001)\n"
8118
"Enter pass phrase for server.key:\n"
5247
msgid "\nGenerating RSA private key, 1024 bit long modulus\n.....................++++++\n.................++++++\nunable to write 'random state'\ne is 65537 (0x10001)\nEnter pass phrase for server.key:\n"
8119
5248
msgstr ""
8120
5249
8121
5250
#: serverguide/C/security.xml:1446(para)
8122
msgid ""
8123
"You can now enter your passphrase. For best security, it should at least "
8124
"contain eight characters. The minimum length when specifying -des3 is four "
8125
"characters. It should include numbers and/or punctuation and not be a word "
8126
"in a dictionary. Also remember that your passphrase is case-sensitive."
5251
msgid "You can now enter your passphrase. For best security, it should at least contain eight characters. The minimum length when specifying -des3 is four characters. It should include numbers and/or punctuation and not be a word in a dictionary. Also remember that your passphrase is case-sensitive."
8127
5252
msgstr ""
8128
5253
8129
5254
#: serverguide/C/security.xml:1454(para)
8130
msgid ""
8131
"Re-type the passphrase to verify. Once you have re-typed it correctly, the "
8132
"server key is generated and stored in the <filename>server.key</filename> "
8133
"file."
5255
msgid "Re-type the passphrase to verify. Once you have re-typed it correctly, the server key is generated and stored in the <filename>server.key</filename> file."
8134
5256
msgstr ""
8135
5257
8136
5258
#: serverguide/C/security.xml:1460(para)
8137
msgid ""
8138
"Now create the insecure key, the one without a passphrase, and shuffle the "
8139
"key names:"
5259
msgid "Now create the insecure key, the one without a passphrase, and shuffle the key names:"
8140
5260
msgstr ""
8141
5261
8142
5262
#: serverguide/C/security.xml:1466(command)
8152
5272
msgstr ""
8153
5273
8154
5274
#: serverguide/C/security.xml:1471(para)
8155
msgid ""
8156
"The insecure key is now named <filename>server.key</filename>, and you can "
8157
"use this file to generate the CSR without passphrase."
5275
msgid "The insecure key is now named <filename>server.key</filename>, and you can use this file to generate the CSR without passphrase."
8158
5276
msgstr ""
8159
5277
8160
5278
#: serverguide/C/security.xml:1476(para)
8166
5284
msgstr ""
8167
5285
8168
5286
#: serverguide/C/security.xml:1484(para)
8169
msgid ""
8170
"It will prompt you enter the passphrase. If you enter the correct "
8171
"passphrase, it will prompt you to enter Company Name, Once you enter all "
8172
"these details, your CSR will be created and it will be stored in the "
8173
"<filename>server.csr</filename> file. Site Name, Email Id, etc."
5287
msgid "It will prompt you enter the passphrase. If you enter the correct passphrase, it will prompt you to enter Company Name, Once you enter all these details, your CSR will be created and it will be stored in the <filename>server.csr</filename> file. Site Name, Email Id, etc."
8174
5288
msgstr ""
8175
5289
8176
5290
#: serverguide/C/security.xml:1492(para)
8177
msgid ""
8178
"You can now submit this CSR file to a CA for processing. The CA will use "
8179
"this CSR file and issue the certificate. On the other hand, you can create "
8180
"self-signed certificate using this CSR."
5291
msgid "You can now submit this CSR file to a CA for processing. The CA will use this CSR file and issue the certificate. On the other hand, you can create self-signed certificate using this CSR."
8181
5292
msgstr ""
8182
5293
8183
5294
#: serverguide/C/security.xml:1500(title)
8185
5296
msgstr ""
8186
5297
8187
5298
#: serverguide/C/security.xml:1501(para)
8188
msgid ""
8189
"To create the self-signed certificate, run the following command at a "
8190
"terminal prompt:"
5299
msgid "To create the self-signed certificate, run the following command at a terminal prompt:"
8191
5300
msgstr ""
8192
5301
8193
5302
#: serverguide/C/security.xml:1506(command)
8194
msgid ""
8195
"openssl x509 -req -days 365 -in server.csr -signkey server.key -out "
8196
"server.crt"
5303
msgid "openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt"
8197
5304
msgstr ""
8198
5305
8199
5306
#: serverguide/C/security.xml:1509(para)
8200
msgid ""
8201
"The above command will prompt you to enter the passphrase. Once you enter "
8202
"the correct passphrase, your certificate will be created and it will be "
8203
"stored in the <filename>server.crt</filename> file."
5307
msgid "The above command will prompt you to enter the passphrase. Once you enter the correct passphrase, your certificate will be created and it will be stored in the <filename>server.crt</filename> file."
8204
5308
msgstr ""
8205
5309
8206
5310
#: serverguide/C/security.xml:1514(para)
8207
msgid ""
8208
"If your secure server is to be used in a production environment, you "
8209
"probably need a CA-signed certificate. It is not recommended to use self-"
8210
"signed certificate."
5311
msgid "If your secure server is to be used in a production environment, you probably need a CA-signed certificate. It is not recommended to use self-signed certificate."
8211
5312
msgstr ""
8212
5313
8213
5314
#: serverguide/C/security.xml:1522(title)
8215
5316
msgstr ""
8216
5317
8217
5318
#: serverguide/C/security.xml:1524(para)
8218
msgid ""
8219
"You can install the key file <filename>server.key</filename> and certificate "
8220
"file <filename>server.crt</filename>, or the certificate file issued by your "
8221
"CA, by running following commands at a terminal prompt:"
5319
msgid "You can install the key file <filename>server.key</filename> and certificate file <filename>server.crt</filename>, or the certificate file issued by your CA, by running following commands at a terminal prompt:"
8222
5320
msgstr ""
8223
5321
8224
5322
#: serverguide/C/security.xml:1530(command)
8230
5328
msgstr ""
8231
5329
8232
5330
#: serverguide/C/security.xml:1533(para)
8233
msgid ""
8234
"Now simply configure any applications, with the ability to use public-key "
8235
"cryptography, to use the <emphasis>certificate</emphasis> and "
8236
"<emphasis>key</emphasis> files. For example, "
8237
"<application>Apache</application> can provide HTTPS, "
8238
"<application>Dovecot</application> can provide IMAPS and POP3S, etc."
5331
msgid "Now simply configure any applications, with the ability to use public-key cryptography, to use the <emphasis>certificate</emphasis> and <emphasis>key</emphasis> files. For example, <application>Apache</application> can provide HTTPS, <application>Dovecot</application> can provide IMAPS and POP3S, etc."
8239
5332
msgstr ""
8240
5333
8241
5334
#: serverguide/C/security.xml:1540(title)
8243
5336
msgstr ""
8244
5337
8245
5338
#: serverguide/C/security.xml:1542(para)
8246
msgid ""
8247
"If the services on your network require more than a few self-signed "
8248
"certificates it may be worth the additional effort to setup your own "
8249
"internal <emphasis>Certification Authority (CA)</emphasis>. Using "
8250
"certificates signed by your own CA, allows the various services using the "
8251
"certificates to easily trust other services using certificates issued from "
8252
"the same CA."
5339
msgid "If the services on your network require more than a few self-signed certificates it may be worth the additional effort to setup your own internal <emphasis>Certification Authority (CA)</emphasis>. Using certificates signed by your own CA, allows the various services using the certificates to easily trust other services using certificates issued from the same CA."
8253
5340
msgstr ""
8254
5341
8255
5342
#: serverguide/C/security.xml:1552(para)
8256
msgid ""
8257
"First, create the directories to hold the CA certificate and related files:"
5343
msgid "First, create the directories to hold the CA certificate and related files:"
8258
5344
msgstr ""
8259
5345
8260
5346
#: serverguide/C/security.xml:1557(command)
8266
5352
msgstr ""
8267
5353
8268
5354
#: serverguide/C/security.xml:1564(para)
8269
msgid ""
8270
"The CA needs a few additional files to operate, one to keep track of the "
8271
"last serial number used by the CA, each certificate must have a unique "
8272
"serial number, and another file to record which certificates have been "
8273
"issued:"
5355
msgid "The CA needs a few additional files to operate, one to keep track of the last serial number used by the CA, each certificate must have a unique serial number, and another file to record which certificates have been issued:"
8274
5356
msgstr ""
8275
5357
8276
5358
#: serverguide/C/security.xml:1571(command)
8282
5364
msgstr ""
8283
5365
8284
5366
#: serverguide/C/security.xml:1578(para)
8285
msgid ""
8286
"The third file is a CA configuration file. Though not strictly necessary, it "
8287
"is very convenient when issuing multiple certificates. Edit "
8288
"<filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default "
8289
"]</emphasis> change:"
5367
msgid "The third file is a CA configuration file. Though not strictly necessary, it is very convenient when issuing multiple certificates. Edit <filename>/etc/ssl/openssl.cnf</filename>, and in the <emphasis>[ CA_default ]</emphasis> change:"
8290
5368
msgstr ""
8291
5369
8292
5370
#: serverguide/C/security.xml:1584(programlisting)
8293
5371
#, no-wrap
8294
msgid ""
8295
"\n"
8296
"dir = /etc/ssl/ # Where everything is kept\n"
8297
"database = $dir/CA/index.txt # database index file.\n"
8298
"certificate = $dir/certs/cacert.pem # The CA certificate\n"
8299
"serial = $dir/CA/serial # The current serial number\n"
8300
"private_key = $dir/private/cakey.pem# The private key\n"
5372
msgid "\ndir = /etc/ssl/ # Where everything is kept\ndatabase = $dir/CA/index.txt # database index file.\ncertificate = $dir/certs/cacert.pem # The CA certificate\nserial = $dir/CA/serial # The current serial number\nprivate_key = $dir/private/cakey.pem# The private key\n"
8301
5373
msgstr ""
8302
5374
8303
5375
#: serverguide/C/security.xml:1595(para)
8305
5377
msgstr ""
8306
5378
8307
5379
#: serverguide/C/security.xml:1600(command)
8308
msgid ""
8309
"openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -"
8310
"days 3650"
5380
msgid "openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650"
8311
5381
msgstr ""
8312
5382
8313
5383
#: serverguide/C/security.xml:1603(para)
8327
5397
msgstr ""
8328
5398
8329
5399
#: serverguide/C/security.xml:1622(para)
8330
msgid ""
8331
"You are now ready to start signing certificates. The first item needed is a "
8332
"Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> "
8333
"for details. Once you have a CSR, enter the following to generate a "
8334
"certificate signed by the CA:"
5400
msgid "You are now ready to start signing certificates. The first item needed is a Certificate Signing Request (CSR), see <xref linkend=\"generating-a-csr\"/> for details. Once you have a CSR, enter the following to generate a certificate signed by the CA:"
8335
5401
msgstr ""
8336
5402
8337
5403
#: serverguide/C/security.xml:1629(command)
8339
5405
msgstr ""
8340
5406
8341
5407
#: serverguide/C/security.xml:1632(para)
8342
msgid ""
8343
"After entering the password for the CA key, you will be prompted to sign the "
8344
"certificate, and again to commit the new certificate. You should then see a "
8345
"somewhat large amount of output related to the certificate creation."
5408
msgid "After entering the password for the CA key, you will be prompted to sign the certificate, and again to commit the new certificate. You should then see a somewhat large amount of output related to the certificate creation."
8346
5409
msgstr ""
8347
5410
8348
5411
#: serverguide/C/security.xml:1641(para)
8349
msgid ""
8350
"There should now be a new file, "
8351
"<filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. "
8352
"Copy and paste everything between the <emphasis>-----BEGIN CERTIFICATE-----"
8353
"</emphasis> and <emphasis>----END CERTIFICATE-----</emphasis> lines to a "
8354
"file named after the hostname of the server where the certificate will be "
8355
"installed. For example <filename>mail.example.com.crt</filename>, is a nice "
8356
"descriptive name."
5412
msgid "There should now be a new file, <filename>/etc/ssl/newcerts/01.pem</filename>, containing the same output. Copy and paste everything between the <emphasis>-----BEGIN CERTIFICATE-----</emphasis> and <emphasis>----END CERTIFICATE-----</emphasis> lines to a file named after the hostname of the server where the certificate will be installed. For example <filename>mail.example.com.crt</filename>, is a nice descriptive name."
8357
5413
msgstr ""
8358
5414
8359
5415
#: serverguide/C/security.xml:1649(para)
8360
msgid ""
8361
"Subsequent certificates will be named <filename>02.pem</filename>, "
8362
"<filename>03.pem</filename>, etc."
5416
msgid "Subsequent certificates will be named <filename>02.pem</filename>, <filename>03.pem</filename>, etc."
8363
5417
msgstr ""
8364
5418
8365
5419
#: serverguide/C/security.xml:1654(para)
8366
msgid ""
8367
"Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive "
8368
"name."
5420
msgid "Replace <emphasis>mail.example.com.crt</emphasis> with your own descriptive name."
8369
5421
msgstr ""
8370
5422
8371
5423
#: serverguide/C/security.xml:1662(para)
8372
msgid ""
8373
"Finally, copy the new certificate to the host that needs it, and configure "
8374
"the appropriate applications to use it. The default location to install "
8375
"certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This "
8376
"enables multiple services to use the same certificate without overly "
8377
"complicated file permissions."
5424
msgid "Finally, copy the new certificate to the host that needs it, and configure the appropriate applications to use it. The default location to install certificates is <filename role=\"directory\">/etc/ssl/certs</filename>. This enables multiple services to use the same certificate without overly complicated file permissions."
8378
5425
msgstr ""
8379
5426
8380
5427
#: serverguide/C/security.xml:1668(para)
8381
msgid ""
8382
"For applications that can be configured to use a CA certificate, you should "
8383
"also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the "
8384
"<filename role=\"directory\">/etc/ssl/certs/</filename> directory on each "
8385
"server."
5428
msgid "For applications that can be configured to use a CA certificate, you should also copy the <filename>/etc/ssl/certs/cacert.pem</filename> file to the <filename role=\"directory\">/etc/ssl/certs/</filename> directory on each server."
8386
5429
msgstr ""
8387
5430
8388
5431
#: serverguide/C/security.xml:1682(para)
8389
msgid ""
8390
"For more detailed instructions on using cryptography see the <ulink "
8391
"url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL "
8392
"Certificates HOWTO</ulink> by tlpd.org"
5432
msgid "For more detailed instructions on using cryptography see the <ulink url=\"http://tldp.org/HOWTO/SSL-Certificates-HOWTO/index.html\">SSL Certificates HOWTO</ulink> by tlpd.org"
8393
5433
msgstr ""
8394
5434
8395
5435
#: serverguide/C/security.xml:1688(para)
8396
msgid ""
8397
"<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list "
8398
"of Certificate Authorities."
5436
msgid "<ulink url=\"http://www.pki-page.org/\">The PKI Page</ulink> contains a list of Certificate Authorities."
8399
5437
msgstr ""
8400
5438
8401
5439
#: serverguide/C/security.xml:1693(para)
8402
msgid ""
8403
"The Wikipedia <ulink "
8404
"url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more "
8405
"information regarding HTTPS."
5440
msgid "The Wikipedia <ulink url=\"http://en.wikipedia.org/wiki/Https\">HTTPS</ulink> page has more information regarding HTTPS."
8406
5441
msgstr ""
8407
5442
8408
5443
#: serverguide/C/security.xml:1698(para)
8409
msgid ""
8410
"For more information on <emphasis>OpenSSL</emphasis> see the <ulink "
8411
"url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
5444
msgid "For more information on <emphasis>OpenSSL</emphasis> see the <ulink url=\"http://www.openssl.org/\">OpenSSL Home Page</ulink>."
8412
5445
msgstr ""
8413
5446
8414
5447
#: serverguide/C/security.xml:1703(para)
8415
msgid ""
8416
"Also, O'Reilly's <ulink "
8417
"url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with "
8418
"OpenSSL</ulink> is a good in depth reference."
5448
msgid "Also, O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596002701/\">Network Security with OpenSSL</ulink> is a good in depth reference."
8419
5449
msgstr ""
8420
5450
8421
5451
#: serverguide/C/security.xml:1712(title)
8423
5453
msgstr ""
8424
5454
8425
5455
#: serverguide/C/security.xml:1714(para)
8426
msgid ""
8427
"<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked "
8428
"cryptographic filesystem for Linux. Layering on top of the filesystem layer "
8429
"<emphasis>eCryptfs</emphasis> protects files no matter the underlying "
8430
"filesystem, partition type, etc."
5456
msgid "<emphasis>eCryptfs</emphasis> is a POSIX-compliant enterprise-class stacked cryptographic filesystem for Linux. Layering on top of the filesystem layer <emphasis>eCryptfs</emphasis> protects files no matter the underlying filesystem, partition type, etc."
8431
5457
msgstr ""
8432
5458
8433
5459
#: serverguide/C/security.xml:1720(para)
8434
msgid ""
8435
"During installation there is an option to encrypt the <filename "
8436
"role=\"directory\">/home</filename> partition. This will automatically "
8437
"configure everything needed to encrypt and mount the partition."
5460
msgid "During installation there is an option to encrypt the <filename role=\"directory\">/home</filename> partition. This will automatically configure everything needed to encrypt and mount the partition."
8438
5461
msgstr ""
8439
5462
8440
5463
#: serverguide/C/security.xml:1725(para)
8441
msgid ""
8442
"As an example, this section will cover configuring <filename "
8443
"role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
5464
msgid "As an example, this section will cover configuring <filename role=\"directory\">/srv</filename> to be encrypted using eCryptfs."
8444
5465
msgstr ""
8445
5466
8446
5467
#: serverguide/C/security.xml:1730(title)
8464
5485
msgstr ""
8465
5486
8466
5487
#: serverguide/C/security.xml:1748(para)
8467
msgid ""
8468
"You will then be prompted for some details on how "
8469
"<application>ecryptfs</application> should encrypt the data."
5488
msgid "You will then be prompted for some details on how <application>ecryptfs</application> should encrypt the data."
8470
5489
msgstr ""
8471
5490
8472
5491
#: serverguide/C/security.xml:1752(para)
8473
msgid ""
8474
"To test that files placed in <filename>/srv</filename> are indeed encrypted "
8475
"copy the <filename>/etc/default</filename> folder to "
8476
"<filename>/srv</filename>:"
5492
msgid "To test that files placed in <filename>/srv</filename> are indeed encrypted copy the <filename>/etc/default</filename> folder to <filename>/srv</filename>:"
8477
5493
msgstr ""
8478
5494
8479
5495
#: serverguide/C/security.xml:1758(command) serverguide/C/clustering.xml:192(command)
8484
5500
msgid "Now unmount <filename>/srv</filename>, and try to view a file:"
8485
5501
msgstr ""
8486
5502
8487
#: serverguide/C/security.xml:1766(command) serverguide/C/installation.xml:1089(command) serverguide/C/clustering.xml:200(command)
5503
#: serverguide/C/security.xml:1766(command) serverguide/C/installation.xml:1091(command) serverguide/C/clustering.xml:200(command)
8488
5504
msgid "sudo umount /srv"
8489
5505
msgstr ""
8490
5506
8493
5509
msgstr ""
8494
5510
8495
5511
#: serverguide/C/security.xml:1770(para)
8496
msgid ""
8497
"Remounting <filename>/srv</filename> using "
8498
"<application>ecryptfs</application> will make the data viewable once again."
5512
msgid "Remounting <filename>/srv</filename> using <application>ecryptfs</application> will make the data viewable once again."
8499
5513
msgstr ""
8500
5514
8501
5515
#: serverguide/C/security.xml:1776(title)
8503
5517
msgstr ""
8504
5518
8505
5519
#: serverguide/C/security.xml:1778(para)
8506
msgid ""
8507
"There are a couple of ways to automatically mount an "
8508
"<application>ecryptfs</application> encrypted filesystem at boot. This "
8509
"example will use a <filename>/root/.ecryptfsrc</filename> file containing "
8510
"mount options, along with a passphrase file residing on a USB key."
5520
msgid "There are a couple of ways to automatically mount an <application>ecryptfs</application> encrypted filesystem at boot. This example will use a <filename>/root/.ecryptfsrc</filename> file containing mount options, along with a passphrase file residing on a USB key."
8511
5521
msgstr ""
8512
5522
8513
5523
#: serverguide/C/security.xml:1784(para)
8516
5526
8517
5527
#: serverguide/C/security.xml:1788(programlisting)
8518
5528
#, no-wrap
8519
msgid ""
8520
"\n"
8521
"key=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\n"
8522
"ecryptfs_sig=5826dd62cf81c615\n"
8523
"ecryptfs_cipher=aes\n"
8524
"ecryptfs_key_bytes=16\n"
8525
"ecryptfs_passthrough=n\n"
8526
"ecryptfs_enable_filename_crypto=n\n"
5529
msgid "\nkey=passphrase:passphrase_passwd_file=/mnt/usb/passwd_file.txt\necryptfs_sig=5826dd62cf81c615\necryptfs_cipher=aes\necryptfs_key_bytes=16\necryptfs_passthrough=n\necryptfs_enable_filename_crypto=n\n"
8527
5530
msgstr ""
8528
5531
8529
5532
#: serverguide/C/security.xml:1798(para)
8530
msgid ""
8531
"Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in "
8532
"<filename>/root/.ecryptfs/sig-cache.txt</filename>."
5533
msgid "Adjust the <emphasis>ecryptfs_sig</emphasis> to the signature in <filename>/root/.ecryptfs/sig-cache.txt</filename>."
8533
5534
msgstr ""
8534
5535
8535
5536
#: serverguide/C/security.xml:1803(para)
8536
msgid ""
8537
"Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase "
8538
"file:"
5537
msgid "Next, create the <filename>/mnt/usb/passwd_file.txt</filename> passphrase file:"
8539
5538
msgstr ""
8540
5539
8541
5540
#: serverguide/C/security.xml:1807(programlisting)
8542
5541
#, no-wrap
8543
msgid ""
8544
"\n"
8545
"passphrase_passwd=[secrets]\n"
5542
msgid "\npassphrase_passwd=[secrets]\n"
8546
5543
msgstr ""
8547
5544
8548
5545
#: serverguide/C/security.xml:1811(para)
8551
5548
8552
5549
#: serverguide/C/security.xml:1815(programlisting)
8553
5550
#, no-wrap
8554
msgid ""
8555
"\n"
8556
"/dev/sdb1 /mnt/usb ext3 ro 0 0\n"
8557
"/srv /srv ecryptfs defaults 0 0\n"
5551
msgid "\n/dev/sdb1 /mnt/usb ext3 ro 0 0\n/srv /srv ecryptfs defaults 0 0\n"
8558
5552
msgstr ""
8559
5553
8560
5554
#: serverguide/C/security.xml:1820(para)
8562
5556
msgstr ""
8563
5557
8564
5558
#: serverguide/C/security.xml:1824(para)
8565
msgid ""
8566
"Finally, reboot and the <filename>/srv</filename> should be mounted using "
8567
"ecryptfs."
5559
msgid "Finally, reboot and the <filename>/srv</filename> should be mounted using ecryptfs."
8568
5560
msgstr ""
8569
5561
8570
5562
#: serverguide/C/security.xml:1832(para)
8571
msgid ""
8572
"The <application>ecryptfs-utils</application> package includes several other "
8573
"useful utilities:"
5563
msgid "The <application>ecryptfs-utils</application> package includes several other useful utilities:"
8574
5564
msgstr ""
8575
5565
8576
5566
#: serverguide/C/security.xml:1838(para)
8577
msgid ""
8578
"<emphasis>ecryptfs-setup-private:</emphasis> creates a "
8579
"<filename>~/Private</filename> directory to contain encrypted information. "
8580
"This utility can be run by unprivileged users to keep data private from "
8581
"other users on the system."
5567
msgid "<emphasis>ecryptfs-setup-private:</emphasis> creates a <filename>~/Private</filename> directory to contain encrypted information. This utility can be run by unprivileged users to keep data private from other users on the system."
8582
5568
msgstr ""
8583
5569
8584
5570
#: serverguide/C/security.xml:1845(para)
8585
msgid ""
8586
"<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> "
8587
"will mount and unmount respectively, a users <filename>~/Private</filename> "
8588
"directory."
5571
msgid "<emphasis>ecryptfs-mount-private and ecryptfs-umount-private:</emphasis> will mount and unmount respectively, a users <filename>~/Private</filename> directory."
8589
5572
msgstr ""
8590
5573
8591
5574
#: serverguide/C/security.xml:1851(para)
8592
msgid ""
8593
"<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the "
8594
"kernel keyring."
5575
msgid "<emphasis>ecryptfs-add-passphrase:</emphasis> adds a new passphrase to the kernel keyring."
8595
5576
msgstr ""
8596
5577
8597
5578
#: serverguide/C/security.xml:1856(para)
8598
msgid ""
8599
"<emphasis>ecryptfs-manager:</emphasis> manages "
8600
"<application>eCryptfs</application> objects such as keys."
5579
msgid "<emphasis>ecryptfs-manager:</emphasis> manages <application>eCryptfs</application> objects such as keys."
8601
5580
msgstr ""
8602
5581
8603
5582
#: serverguide/C/security.xml:1861(para)
8604
msgid ""
8605
"<emphasis>ecryptfs-stat:</emphasis> allows you to view the "
8606
"<application>ecryptfs</application> meta information for a file."
5583
msgid "<emphasis>ecryptfs-stat:</emphasis> allows you to view the <application>ecryptfs</application> meta information for a file."
8607
5584
msgstr ""
8608
5585
8609
5586
#: serverguide/C/security.xml:1874(para)
8610
msgid ""
8611
"For more information on eCryptfs see the <ulink "
8612
"url=\"https://launchpad.net/ecryptfs\">Launch Pad project page</ulink>"
5587
msgid "For more information on eCryptfs see the <ulink url=\"https://launchpad.net/ecryptfs\">Launch Pad project page</ulink>"
8613
5588
msgstr ""
8614
5589
8615
5590
#: serverguide/C/security.xml:1879(para)
8616
msgid ""
8617
"There is also a <ulink "
8618
"url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> "
8619
"article covering eCryptfs."
5591
msgid "There is also a <ulink url=\"http://www.linuxjournal.com/article/9400\">Linux Journal</ulink> article covering eCryptfs."
8620
5592
msgstr ""
8621
5593
8622
5594
#: serverguide/C/security.xml:1884(para)
8623
msgid ""
8624
"Also, for more <application>ecryptfs</application> options see the <ulink "
8625
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man7/ecryptfs.7.html\">ec"
8626
"ryptfs man page</ulink>."
5595
msgid "Also, for more <application>ecryptfs</application> options see the <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man7/ecryptfs.7.html\">ecryptfs man page</ulink>."
8627
5596
msgstr ""
8628
5597
8629
5598
#: serverguide/C/remote-administration.xml:13(title)
8631
5600
msgstr ""
8632
5601
8633
5602
#: serverguide/C/remote-administration.xml:14(para)
8634
msgid ""
8635
"There are many ways to remotely administer a Linux server. This chapter will "
8636
"cover one of the most popular <application>SSH</application> as well as "
8637
"<application>eBox</application>, a web based administration framework."
5603
msgid "There are many ways to remotely administer a Linux server. This chapter will cover one of the most popular <application>SSH</application> as well as <application>eBox</application>, a web based administration framework."
8638
5604
msgstr ""
8639
5605
8640
5606
#: serverguide/C/remote-administration.xml:23(para)
8641
msgid ""
8642
"This section of the Ubuntu Server Guide introduces a powerful collection of "
8643
"tools for the remote control of networked computers and transfer of data "
8644
"between networked computers, called <emphasis>OpenSSH</emphasis>. You will "
8645
"also learn about some of the configuration settings possible with the "
8646
"OpenSSH server application and how to change them on your Ubuntu system."
5607
msgid "This section of the Ubuntu Server Guide introduces a powerful collection of tools for the remote control of networked computers and transfer of data between networked computers, called <emphasis>OpenSSH</emphasis>. You will also learn about some of the configuration settings possible with the OpenSSH server application and how to change them on your Ubuntu system."
8647
5608
msgstr ""
8648
5609
8649
5610
#: serverguide/C/remote-administration.xml:30(para)
8650
msgid ""
8651
"OpenSSH is a freely available version of the Secure Shell (SSH) protocol "
8652
"family of tools for remotely controlling a computer or transferring files "
8653
"between computers. Traditional tools used to accomplish these functions, "
8654
"such as <application>telnet</application> or <application>rcp</application>, "
8655
"are insecure and transmit the user's password in cleartext when used. "
8656
"OpenSSH provides a server daemon and client tools to facilitate secure, "
8657
"encrypted remote control and file transfer operations, effectively replacing "
8658
"the legacy tools."
5611
msgid "OpenSSH is a freely available version of the Secure Shell (SSH) protocol family of tools for remotely controlling a computer or transferring files between computers. Traditional tools used to accomplish these functions, such as <application>telnet</application> or <application>rcp</application>, are insecure and transmit the user's password in cleartext when used. OpenSSH provides a server daemon and client tools to facilitate secure, encrypted remote control and file transfer operations, effectively replacing the legacy tools."
8659
5612
msgstr ""
8660
5613
8661
5614
#: serverguide/C/remote-administration.xml:39(para)
8662
msgid ""
8663
"The OpenSSH server component, <application>sshd</application>, listens "
8664
"continuously for client connections from any of the client tools. When a "
8665
"connection request occurs, <application>sshd</application> sets up the "
8666
"correct connection depending on the type of client tool connecting. For "
8667
"example, if the remote computer is connecting with the "
8668
"<application>ssh</application> client application, the OpenSSH server sets "
8669
"up a remote control session after authentication. If a remote user connects "
8670
"to an OpenSSH server with <application>scp</application>, the OpenSSH server "
8671
"daemon initiates a secure copy of files between the server and client after "
8672
"authentication. OpenSSH can use many authentication methods, including plain "
8673
"password, public key, and <application>Kerberos</application> tickets."
5615
msgid "The OpenSSH server component, <application>sshd</application>, listens continuously for client connections from any of the client tools. When a connection request occurs, <application>sshd</application> sets up the correct connection depending on the type of client tool connecting. For example, if the remote computer is connecting with the <application>ssh</application> client application, the OpenSSH server sets up a remote control session after authentication. If a remote user connects to an OpenSSH server with <application>scp</application>, the OpenSSH server daemon initiates a secure copy of files between the server and client after authentication. OpenSSH can use many authentication methods, including plain password, public key, and <application>Kerberos</application> tickets."
8674
5616
msgstr ""
8675
5617
8676
5618
#: serverguide/C/remote-administration.xml:53(para)
8677
msgid ""
8678
"Installation of the OpenSSH client and server applications is simple. To "
8679
"install the OpenSSH client applications on your Ubuntu system, use this "
8680
"command at a terminal prompt:"
5619
msgid "Installation of the OpenSSH client and server applications is simple. To install the OpenSSH client applications on your Ubuntu system, use this command at a terminal prompt:"
8681
5620
msgstr ""
8682
5621
8683
5622
#: serverguide/C/remote-administration.xml:59(command)
8685
5624
msgstr ""
8686
5625
8687
5626
#: serverguide/C/remote-administration.xml:61(para)
8688
msgid ""
8689
"To install the OpenSSH server application, and related support files, use "
8690
"this command at a terminal prompt:"
5627
msgid "To install the OpenSSH server application, and related support files, use this command at a terminal prompt:"
8691
5628
msgstr ""
8692
5629
8693
5630
#: serverguide/C/remote-administration.xml:66(command)
8695
5632
msgstr ""
8696
5633
8697
5634
#: serverguide/C/remote-administration.xml:68(para)
8698
msgid ""
8699
"The <application>openssh-server</application> package can also be selected "
8700
"to install during the Server Edition installation process."
5635
msgid "The <application>openssh-server</application> package can also be selected to install during the Server Edition installation process."
8701
5636
msgstr ""
8702
5637
8703
5638
#: serverguide/C/remote-administration.xml:75(para)
8704
msgid ""
8705
"You may configure the default behavior of the OpenSSH server application, "
8706
"<application>sshd</application>, by editing the file "
8707
"<filename>/etc/ssh/sshd_config</filename>. For information about the "
8708
"configuration directives used in this file, you may view the appropriate "
8709
"manual page with the following command, issued at a terminal prompt:"
5639
msgid "You may configure the default behavior of the OpenSSH server application, <application>sshd</application>, by editing the file <filename>/etc/ssh/sshd_config</filename>. For information about the configuration directives used in this file, you may view the appropriate manual page with the following command, issued at a terminal prompt:"
8710
5640
msgstr ""
8711
5641
8712
5642
#: serverguide/C/remote-administration.xml:83(command)
8714
5644
msgstr ""
8715
5645
8716
5646
#: serverguide/C/remote-administration.xml:85(para)
8717
msgid ""
8718
"There are many directives in the <application>sshd</application> "
8719
"configuration file controlling such things as communication settings and "
8720
"authentication modes. The following are examples of configuration directives "
8721
"that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> "
8722
"file."
5647
msgid "There are many directives in the <application>sshd</application> configuration file controlling such things as communication settings and authentication modes. The following are examples of configuration directives that can be changed by editing the <filename>/etc/ssh/sshd_config</filename> file."
8723
5648
msgstr ""
8724
5649
8725
5650
#: serverguide/C/remote-administration.xml:92(para)
8726
msgid ""
8727
"Prior to editing the configuration file, you should make a copy of the "
8728
"original file and protect it from writing so you will have the original "
8729
"settings as a reference and to reuse as necessary."
5651
msgid "Prior to editing the configuration file, you should make a copy of the original file and protect it from writing so you will have the original settings as a reference and to reuse as necessary."
8730
5652
msgstr ""
8731
5653
8732
5654
#: serverguide/C/remote-administration.xml:96(para)
8733
msgid ""
8734
"Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from "
8735
"writing with the following commands, issued at a terminal prompt:"
5655
msgid "Copy the <filename>/etc/ssh/sshd_config</filename> file and protect it from writing with the following commands, issued at a terminal prompt:"
8736
5656
msgstr ""
8737
5657
8738
5658
#: serverguide/C/remote-administration.xml:101(command)
8744
5664
msgstr ""
8745
5665
8746
5666
#: serverguide/C/remote-administration.xml:104(para)
8747
msgid ""
8748
"The following are examples of configuration directives you may change:"
5667
msgid "The following are examples of configuration directives you may change:"
8749
5668
msgstr ""
8750
5669
8751
5670
#: serverguide/C/remote-administration.xml:109(para)
8752
msgid ""
8753
"To set your OpenSSH to listen on TCP port 2222 instead of the default TCP "
8754
"port 22, change the Port directive as such:"
5671
msgid "To set your OpenSSH to listen on TCP port 2222 instead of the default TCP port 22, change the Port directive as such:"
8755
5672
msgstr ""
8756
5673
8757
5674
#: serverguide/C/remote-administration.xml:113(para)
8759
5676
msgstr ""
8760
5677
8761
5678
#: serverguide/C/remote-administration.xml:118(para)
8762
msgid ""
8763
"To have <application>sshd</application> allow public key-based login "
8764
"credentials, simply add or modify the line:"
5679
msgid "To have <application>sshd</application> allow public key-based login credentials, simply add or modify the line:"
8765
5680
msgstr ""
8766
5681
8767
5682
#: serverguide/C/remote-administration.xml:122(para)
8769
5684
msgstr ""
8770
5685
8771
5686
#: serverguide/C/remote-administration.xml:125(para)
8772
msgid ""
8773
"In the <filename>/etc/ssh/sshd_config</filename> file, or if already "
8774
"present, ensure the line is not commented out."
5687
msgid "In the <filename>/etc/ssh/sshd_config</filename> file, or if already present, ensure the line is not commented out."
8775
5688
msgstr ""
8776
5689
8777
5690
#: serverguide/C/remote-administration.xml:131(para)
8778
msgid ""
8779
"To make your OpenSSH server display the contents of the "
8780
"<filename>/etc/issue.net</filename> file as a pre-login banner, simply add "
8781
"or modify the line:"
5691
msgid "To make your OpenSSH server display the contents of the <filename>/etc/issue.net</filename> file as a pre-login banner, simply add or modify the line:"
8782
5692
msgstr ""
8783
5693
8784
5694
#: serverguide/C/remote-administration.xml:136(para)
8790
5700
msgstr ""
8791
5701
8792
5702
#: serverguide/C/remote-administration.xml:144(para)
8793
msgid ""
8794
"After making changes to the <filename>/etc/ssh/sshd_config</filename> file, "
8795
"save the file, and restart the <application>sshd</application> server "
8796
"application to effect the changes using the following command at a terminal "
8797
"prompt:"
5703
msgid "After making changes to the <filename>/etc/ssh/sshd_config</filename> file, save the file, and restart the <application>sshd</application> server application to effect the changes using the following command at a terminal prompt:"
8798
5704
msgstr ""
8799
5705
8800
5706
#: serverguide/C/remote-administration.xml:153(para)
8801
msgid ""
8802
"Many other configuration directives for <application>sshd</application> are "
8803
"available for changing the server application's behavior to fit your needs. "
8804
"Be advised, however, if your only method of access to a server is "
8805
"<application>ssh</application>, and you make a mistake in configuring "
8806
"<application>sshd</application> via the "
8807
"<filename>/etc/ssh/sshd_config</filename> file, you may find you are locked "
8808
"out of the server upon restarting it, or that the "
8809
"<application>sshd</application> server refuses to start due to an incorrect "
8810
"configuration directive, so be extra careful when editing this file on a "
8811
"remote server."
5707
msgid "Many other configuration directives for <application>sshd</application> are available for changing the server application's behavior to fit your needs. Be advised, however, if your only method of access to a server is <application>ssh</application>, and you make a mistake in configuring <application>sshd</application> via the <filename>/etc/ssh/sshd_config</filename> file, you may find you are locked out of the server upon restarting it, or that the <application>sshd</application> server refuses to start due to an incorrect configuration directive, so be extra careful when editing this file on a remote server."
8812
5708
msgstr ""
8813
5709
8814
5710
#: serverguide/C/remote-administration.xml:168(title)
8816
5712
msgstr ""
8817
5713
8818
5714
#: serverguide/C/remote-administration.xml:169(para)
8819
msgid ""
8820
"SSH <emphasis>keys</emphasis> allow authentication between two hosts without "
8821
"the need of a password. SSH key authentication uses two keys a "
8822
"<emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
5715
msgid "SSH <emphasis>keys</emphasis> allow authentication between two hosts without the need of a password. SSH key authentication uses two keys a <emphasis>private</emphasis> key and a <emphasis>public</emphasis> key."
8823
5716
msgstr ""
8824
5717
8825
5718
#: serverguide/C/remote-administration.xml:173(para)
8831
5724
msgstr ""
8832
5725
8833
5726
#: serverguide/C/remote-administration.xml:179(para)
8834
msgid ""
8835
"This will generate the keys using a <emphasis>DSA</emphasis> authentication "
8836
"identity of the user. During the process you will be prompted for a "
8837
"password. Simply hit <emphasis>Enter</emphasis> when prompted to create the "
8838
"key."
5727
msgid "This will generate the keys using a <emphasis>DSA</emphasis> authentication identity of the user. During the process you will be prompted for a password. Simply hit <emphasis>Enter</emphasis> when prompted to create the key."
8839
5728
msgstr ""
8840
5729
8841
5730
#: serverguide/C/remote-administration.xml:183(para)
8842
msgid ""
8843
"By default the <emphasis>public</emphasis> key is saved in the file "
8844
"<filename>~/.ssh/id_dsa.pub</filename>, while "
8845
"<filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. "
8846
"Now copy the <filename>id_dsa.pub</filename> file to the remote host and "
8847
"append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
5731
msgid "By default the <emphasis>public</emphasis> key is saved in the file <filename>~/.ssh/id_dsa.pub</filename>, while <filename>~/.ssh/id_dsa</filename> is the <emphasis>private</emphasis> key. Now copy the <filename>id_dsa.pub</filename> file to the remote host and append it to <filename>~/.ssh/authorized_keys</filename> by entering:"
8848
5732
msgstr ""
8849
5733
8850
5734
#: serverguide/C/remote-administration.xml:189(command)
8852
5736
msgstr ""
8853
5737
8854
5738
#: serverguide/C/remote-administration.xml:191(para)
8855
msgid ""
8856
"Finally, double check the permissions on the "
8857
"<filename>authorized_keys</filename> file, only the authenticated user "
8858
"should have read and write permissions. If the permissions are not correct "
8859
"change them by:"
5739
msgid "Finally, double check the permissions on the <filename>authorized_keys</filename> file, only the authenticated user should have read and write permissions. If the permissions are not correct change them by:"
8860
5740
msgstr ""
8861
5741
8862
5742
#: serverguide/C/remote-administration.xml:196(command)
8863
msgid "chmod 644 .ssh/authorized_keys"
5743
msgid "chmod 600 .ssh/authorized_keys"
8864
5744
msgstr ""
8865
5745
8866
5746
#: serverguide/C/remote-administration.xml:198(para)
8867
msgid ""
8868
"You should now be able to SSH to the host without being prompted for a "
8869
"password."
5747
msgid "You should now be able to SSH to the host without being prompted for a password."
8870
5748
msgstr ""
8871
5749
8872
5750
#: serverguide/C/remote-administration.xml:205(ulink)
8882
5760
msgstr ""
8883
5761
8884
5762
#: serverguide/C/remote-administration.xml:214(para)
8885
msgid ""
8886
"<application>eBox</application> is a web framework used to manage server "
8887
"application configuration. The modular design of eBox allows you to pick and "
8888
"choose which services you want to configure using eBox."
5763
msgid "<application>eBox</application> is a web framework used to manage server application configuration. The modular design of eBox allows you to pick and choose which services you want to configure using eBox."
8889
5764
msgstr ""
8890
5765
8891
5766
#: serverguide/C/remote-administration.xml:221(para)
8892
msgid ""
8893
"The different <application>eBox</application> modules are split into "
8894
"different packages, allowing you to only install those necessary. One way to "
8895
"view the available packages is to enter the following from a terminal:"
5767
msgid "The different <application>eBox</application> modules are split into different packages, allowing you to only install those necessary. One way to view the available packages is to enter the following from a terminal:"
8896
5768
msgstr ""
8897
5769
8898
5770
#: serverguide/C/remote-administration.xml:227(command)
8900
5772
msgstr ""
8901
5773
8902
5774
#: serverguide/C/remote-administration.xml:229(para)
8903
msgid ""
8904
"To install the <application>ebox</application> package, which contains the "
8905
"default modules, enter the following:"
5775
msgid "To install the <application>ebox</application> package, which contains the default modules, enter the following:"
8906
5776
msgstr ""
8907
5777
8908
5778
#: serverguide/C/remote-administration.xml:234(command)
8910
5780
msgstr ""
8911
5781
8912
5782
#: serverguide/C/remote-administration.xml:237(para)
8913
msgid ""
8914
"During the installation you will be asked to supply a password for the ebox "
8915
"user. After installing eBox the web interface can be accessed from: "
8916
"<emphasis>https://yourserver/ebox</emphasis>."
5783
msgid "During the installation you will be asked to supply a password for the ebox user. After installing eBox the web interface can be accessed from: <emphasis>https://yourserver/ebox</emphasis>."
8917
5784
msgstr ""
8918
5785
8919
5786
#: serverguide/C/remote-administration.xml:246(para)
8920
msgid ""
8921
"An important thing to remember when using <application>eBox</application> is "
8922
"that when configuring most modules there is a <emphasis>Change</emphasis> "
8923
"button that implements the new configuration. After clicking the Change "
8924
"button most, but not all, modules will then need to be "
8925
"<emphasis>Saved</emphasis>. To save the new configuration click on the "
8926
"<quote>Save changes</quote> link in the top right hand corner."
5787
msgid "An important thing to remember when using <application>eBox</application> is that when configuring most modules there is a <emphasis>Change</emphasis> button that implements the new configuration. After clicking the Change button most, but not all, modules will then need to be <emphasis>Saved</emphasis>. To save the new configuration click on the <quote>Save changes</quote> link in the top right hand corner."
8927
5788
msgstr ""
8928
5789
8929
5790
#: serverguide/C/remote-administration.xml:254(para)
8930
msgid ""
8931
"Once you make a change that requires a Save, the link will change from green "
8932
"to red."
5791
msgid "Once you make a change that requires a Save, the link will change from green to red."
8933
5792
msgstr ""
8934
5793
8935
5794
#: serverguide/C/remote-administration.xml:260(title)
8937
5796
msgstr ""
8938
5797
8939
5798
#: serverguide/C/remote-administration.xml:261(para)
8940
msgid ""
8941
"By default all eBox <emphasis>Modules</emphasis> are not enabled, and when a "
8942
"new module is installed it will not be automatically enabled."
5799
msgid "By default all eBox <emphasis>Modules</emphasis> are not enabled, and when a new module is installed it will not be automatically enabled."
8943
5800
msgstr ""
8944
5801
8945
5802
#: serverguide/C/remote-administration.xml:265(para)
8946
msgid ""
8947
"To enable a disabled module click on the <emphasis>Module status</emphasis> "
8948
"link in the left hand menu. Then <emphasis role=\"italic\">check</emphasis> "
8949
"which modules you would like to enable and click the <quote>Save</quote> "
8950
"link."
5803
msgid "To enable a disabled module click on the <emphasis>Module status</emphasis> link in the left hand menu. Then <emphasis role=\"italic\">check</emphasis> which modules you would like to enable and click the <quote>Save</quote> link."
8951
5804
msgstr ""
8952
5805
8953
5806
#: serverguide/C/remote-administration.xml:271(title)
8955
5808
msgstr ""
8956
5809
8957
5810
#: serverguide/C/remote-administration.xml:272(para)
8958
msgid ""
8959
"This section provides a quick summary of the default "
8960
"<application>eBox</application> modules."
5811
msgid "This section provides a quick summary of the default <application>eBox</application> modules."
8961
5812
msgstr ""
8962
5813
8963
5814
#: serverguide/C/remote-administration.xml:278(para)
8964
msgid ""
8965
"<emphasis>System:</emphasis> contains options allowing configuration of "
8966
"general eBox items."
5815
msgid "<emphasis>System:</emphasis> contains options allowing configuration of general eBox items."
8967
5816
msgstr ""
8968
5817
8969
5818
#: serverguide/C/remote-administration.xml:284(para)
8970
msgid ""
8971
"<emphasis>General:</emphasis> allows you to set the language, port number, "
8972
"and contains a change password form."
5819
msgid "<emphasis>General:</emphasis> allows you to set the language, port number, and contains a change password form."
8973
5820
msgstr ""
8974
5821
8975
5822
#: serverguide/C/remote-administration.xml:290(para)
8976
msgid ""
8977
"<emphasis>Disk Usage:</emphasis> displays a graph detailing information "
8978
"about disk usage."
5823
msgid "<emphasis>Disk Usage:</emphasis> displays a graph detailing information about disk usage."
8979
5824
msgstr ""
8980
5825
8981
5826
#: serverguide/C/remote-administration.xml:296(para)
8982
msgid ""
8983
"<emphasis>Backup:</emphasis> is used to backup "
8984
"<application>eBox</application> configuration information, and the "
8985
"<emphasis>Full Backup</emphasis> option allows you to save all eBox "
8986
"information not included in the <emphasis>Configuration</emphasis> option "
8987
"such as log files."
5827
msgid "<emphasis>Backup:</emphasis> is used to backup <application>eBox</application> configuration information, and the <emphasis>Full Backup</emphasis> option allows you to save all eBox information not included in the <emphasis>Configuration</emphasis> option such as log files."
8988
5828
msgstr ""
8989
5829
8990
5830
#: serverguide/C/remote-administration.xml:304(para)
8991
msgid ""
8992
"<emphasis>Halt/Reboot:</emphasis> will shutdown the system or reboot it."
5831
msgid "<emphasis>Halt/Reboot:</emphasis> will shutdown the system or reboot it."
8993
5832
msgstr ""
8994
5833
8995
5834
#: serverguide/C/remote-administration.xml:309(para)
8996
msgid ""
8997
"<emphasis>Bug Report:</emphasis> creates a file containing details helpful "
8998
"when reporting bugs to the eBox developers."
5835
msgid "<emphasis>Bug Report:</emphasis> creates a file containing details helpful when reporting bugs to the eBox developers."
8999
5836
msgstr ""
9000
5837
9001
5838
#: serverguide/C/remote-administration.xml:317(para)
9002
msgid ""
9003
"<emphasis>Logs:</emphasis> allows <application>eBox</application> logs to be "
9004
"queried depending on the purge time configured."
5839
msgid "<emphasis>Logs:</emphasis> allows <application>eBox</application> logs to be queried depending on the purge time configured."
9005
5840
msgstr ""
9006
5841
9007
5842
#: serverguide/C/remote-administration.xml:323(para)
9008
msgid ""
9009
"<emphasis>Events:</emphasis> this module has the ability to send alerts "
9010
"through rss, jabber, and log file."
5843
msgid "<emphasis>Events:</emphasis> this module has the ability to send alerts through rss, jabber, and log file."
9011
5844
msgstr ""
9012
5845
9013
5846
#: serverguide/C/remote-administration.xml:330(emphasis)
9015
5848
msgstr ""
9016
5849
9017
5850
#: serverguide/C/remote-administration.xml:334(para)
9018
msgid ""
9019
"<emphasis>Free Storage Space:</emphasis> will send alert if free disk space "
9020
"drops below a configured percentage, 10% by default."
5851
msgid "<emphasis>Free Storage Space:</emphasis> will send alert if free disk space drops below a configured percentage, 10% by default."
9021
5852
msgstr ""
9022
5853
9023
5854
#: serverguide/C/remote-administration.xml:340(para)
9024
msgid ""
9025
"<emphasis>Log Observer:</emphasis> unfortunately this event does not work "
9026
"with the <application>eBox</application> version shipped with Ubuntu 7.10."
5855
msgid "<emphasis>Log Observer:</emphasis> sends an alert when a configured logger has logged something."
9027
5856
msgstr ""
9028
5857
9029
5858
#: serverguide/C/remote-administration.xml:346(para)
9030
msgid ""
9031
"<emphasis>RAID:</emphasis> will monitor the RAID system and send alerts if "
9032
"any issues arise."
5859
msgid "<emphasis>RAID:</emphasis> will monitor the RAID system and send alerts if any issues arise."
9033
5860
msgstr ""
9034
5861
9035
5862
#: serverguide/C/remote-administration.xml:352(para)
9036
msgid ""
9037
"<emphasis>Service:</emphasis> sends alerts if a service restarts multiple "
9038
"times in a short time period."
5863
msgid "<emphasis>Service:</emphasis> sends alerts if a service restarts multiple times in a short time period."
9039
5864
msgstr ""
9040
5865
9041
5866
#: serverguide/C/remote-administration.xml:358(para)
9042
msgid ""
9043
"<emphasis>State:</emphasis> alerts on the state of "
9044
"<application>eBox</application>, either up or down."
5867
msgid "<emphasis>State:</emphasis> alerts on the state of <application>eBox</application>, either up or down."
9045
5868
msgstr ""
9046
5869
9047
5870
#: serverguide/C/remote-administration.xml:367(emphasis)
9049
5872
msgstr ""
9050
5873
9051
5874
#: serverguide/C/remote-administration.xml:371(para)
9052
msgid ""
9053
"<emphasis>Log:</emphasis> this dispatcher will send event messages to the "
9054
"<application>eBox</application> log file "
9055
"<filename>/var/log/ebox/ebox.log</filename>."
5875
msgid "<emphasis>Log:</emphasis> this dispatcher will send event messages to the <application>eBox</application> log file <filename>/var/log/ebox/ebox.log</filename>."
9056
5876
msgstr ""
9057
5877
9058
5878
#: serverguide/C/remote-administration.xml:378(para)
9059
msgid ""
9060
"<emphasis>Jabber:</emphasis> before enabling this dispatcher you must first "
9061
"configure it by clicking on the <quote>Configure</quote> icon."
5879
msgid "<emphasis>Jabber:</emphasis> before enabling this dispatcher you must first configure it by clicking on the <quote>Configure</quote> icon."
9062
5880
msgstr ""
9063
5881
9064
5882
#: serverguide/C/remote-administration.xml:384(para)
9065
msgid ""
9066
"<emphasis>RSS:</emphasis> once this dispatcher is configured you can "
9067
"subscribe to the link in order to view event alerts."
5883
msgid "<emphasis>RSS:</emphasis> once this dispatcher is configured you can subscribe to the link in order to view event alerts."
9068
5884
msgstr ""
9069
5885
9070
5886
#: serverguide/C/remote-administration.xml:397(title)
9072
5888
msgstr ""
9073
5889
9074
5890
#: serverguide/C/remote-administration.xml:398(para)
9075
msgid ""
9076
"Here is a quick description of other available "
9077
"<application>eBox</application> modules:"
5891
msgid "Here is a quick description of other available <application>eBox</application> modules:"
9078
5892
msgstr ""
9079
5893
9080
5894
#: serverguide/C/remote-administration.xml:403(para)
9081
msgid ""
9082
"<emphasis>Network:</emphasis> allows configuration of the server's network "
9083
"options through eBox."
5895
msgid "<emphasis>Network:</emphasis> allows configuration of the server's network options through eBox."
9084
5896
msgstr ""
9085
5897
9086
5898
#: serverguide/C/remote-administration.xml:409(para)
9087
msgid ""
9088
"<emphasis>Firewall:</emphasis> configures firewall options for the eBox host."
5899
msgid "<emphasis>Firewall:</emphasis> configures firewall options for the eBox host."
9089
5900
msgstr ""
9090
5901
9091
5902
#: serverguide/C/remote-administration.xml:414(para)
9092
msgid ""
9093
"<emphasis>UsersandGroups:</emphasis> this module will manage users and "
9094
"groups contained in an <application>OpenLDAP</application> LDAP directory."
5903
msgid "<emphasis>UsersandGroups:</emphasis> this module will manage users and groups contained in an <application>OpenLDAP</application> LDAP directory."
9095
5904
msgstr ""
9096
5905
9097
5906
#: serverguide/C/remote-administration.xml:420(para)
9098
msgid ""
9099
"<emphasis>DHCP:</emphasis> provides an interface for configuring a DHCP "
9100
"server."
5907
msgid "<emphasis>DHCP:</emphasis> provides an interface for configuring a DHCP server."
9101
5908
msgstr ""
9102
5909
9103
5910
#: serverguide/C/remote-administration.xml:425(para)
9104
msgid ""
9105
"<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS "
9106
"server configuration options."
5911
msgid "<emphasis>DNS:</emphasis> provides <application>BIND9</application> DNS server configuration options."
9107
5912
msgstr ""
9108
5913
9109
5914
#: serverguide/C/remote-administration.xml:431(para)
9110
msgid ""
9111
"<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network "
9112
"Objects</emphasis>, which allow you to assign a name to an IP address or "
9113
"group of IPs."
5915
msgid "<emphasis>Objects:</emphasis> allow configuration of eBox <emphasis>Network Objects</emphasis>, which allow you to assign a name to an IP address or group of IPs."
9114
5916
msgstr ""
9115
5917
9116
5918
#: serverguide/C/remote-administration.xml:438(para)
9117
msgid ""
9118
"<emphasis>Services:</emphasis> displays configuration information for "
9119
"services that are available to the network."
5919
msgid "<emphasis>Services:</emphasis> displays configuration information for services that are available to the network."
9120
5920
msgstr ""
9121
5921
9122
5922
#: serverguide/C/remote-administration.xml:444(para)
9123
msgid ""
9124
"<emphasis>Squid:</emphasis> configuration options for the "
9125
"<application>Squid</application> proxy server."
5923
msgid "<emphasis>Squid:</emphasis> configuration options for the <application>Squid</application> proxy server."
9126
5924
msgstr ""
9127
5925
9128
5926
#: serverguide/C/remote-administration.xml:450(para)
9129
msgid ""
9130
"<emphasis>CA:</emphasis> configures a Certificate Authority for the server."
5927
msgid "<emphasis>CA:</emphasis> configures a Certificate Authority for the server."
9131
5928
msgstr ""
9132
5929
9133
5930
#: serverguide/C/remote-administration.xml:455(para)
9143
5940
msgstr ""
9144
5941
9145
5942
#: serverguide/C/remote-administration.xml:470(para)
9146
msgid ""
9147
"<emphasis>OpenVPN:</emphasis> setup options for OpenVPN Virtual Private "
9148
"Network application."
5943
msgid "<emphasis>OpenVPN:</emphasis> setup options for OpenVPN Virtual Private Network application."
9149
5944
msgstr ""
9150
5945
9151
5946
#: serverguide/C/remote-administration.xml:481(para)
9152
msgid ""
9153
"For more information see the <ulink url=\"http://ebox-platform.com/\">eBox "
9154
"Home Page</ulink>."
5947
msgid "For more information see the <ulink url=\"http://ebox-platform.com/\">eBox Home Page</ulink>."
9155
5948
msgstr ""
9156
5949
9157
5950
#: serverguide/C/package-management.xml:13(title)
9159
5952
msgstr ""
9160
5953
9161
5954
#: serverguide/C/package-management.xml:14(para)
9162
msgid ""
9163
"Ubuntu features a comprehensive package management system for the "
9164
"installation, upgrade, configuration, and removal of software. In addition "
9165
"to providing access to an organized base of over 24,000 software packages "
9166
"for your Ubuntu computer, the package management facilities also feature "
9167
"dependency resolution capabilities and software update checking."
5955
msgid "Ubuntu features a comprehensive package management system for the installation, upgrade, configuration, and removal of software. In addition to providing access to an organized base of over 24,000 software packages for your Ubuntu computer, the package management facilities also feature dependency resolution capabilities and software update checking."
9168
5956
msgstr ""
9169
5957
9170
5958
#: serverguide/C/package-management.xml:16(para)
9171
msgid ""
9172
"Several tools are available for interacting with Ubuntu's package management "
9173
"system, from simple command-line utilities which may be easily automated by "
9174
"system administrators, to a simple graphical interface which is easy to use "
9175
"by those new to Ubuntu."
5959
msgid "Several tools are available for interacting with Ubuntu's package management system, from simple command-line utilities which may be easily automated by system administrators, to a simple graphical interface which is easy to use by those new to Ubuntu."
9176
5960
msgstr ""
9177
5961
9178
5962
#: serverguide/C/package-management.xml:21(para)
9179
msgid ""
9180
"Ubuntu's package management system is derived from the same system used by "
9181
"the Debian GNU/Linux distribution. The package files contain all of the "
9182
"necessary files, meta-data, and instructions to implement a particular "
9183
"functionality or software application on your Ubuntu computer."
5963
msgid "Ubuntu's package management system is derived from the same system used by the Debian GNU/Linux distribution. The package files contain all of the necessary files, meta-data, and instructions to implement a particular functionality or software application on your Ubuntu computer."
9184
5964
msgstr ""
9185
5965
9186
5966
#: serverguide/C/package-management.xml:24(para)
9187
msgid ""
9188
"Debian package files typically have the extension '.deb', and typically "
9189
"exist in <emphasis role=\"italics\">repositories</emphasis> which are "
9190
"collections of packages found on various media, such as CD-ROM discs, or "
9191
"online. Packages are normally of the pre-compiled binary format; thus "
9192
"installation is quick and requires no compiling of software."
5967
msgid "Debian package files typically have the extension '.deb', and typically exist in <emphasis role=\"italics\">repositories</emphasis> which are collections of packages found on various media, such as CD-ROM discs, or online. Packages are normally of the pre-compiled binary format; thus installation is quick and requires no compiling of software."
9193
5968
msgstr ""
9194
5969
9195
5970
#: serverguide/C/package-management.xml:27(para)
9196
msgid ""
9197
"Many complex packages use the concept of <emphasis "
9198
"role=\"italics\">dependencies</emphasis>. Dependencies are additional "
9199
"packages required by the principal package in order to function properly. "
9200
"For example, the speech synthesis package "
9201
"<application>Festival</application> depends upon the package "
9202
"<application>libasound2</application>, which is a package supplying the "
9203
"<application>ALSA</application> sound library needed for audio playback. In "
9204
"order for <application>Festival</application> to function, it and all of its "
9205
"dependencies must be installed. The software management tools in Ubuntu will "
9206
"do this automatically."
5971
msgid "Many complex packages use the concept of <emphasis role=\"italics\">dependencies</emphasis>. Dependencies are additional packages required by the principal package in order to function properly. For example, the speech synthesis package <application>Festival</application> depends upon the package <application>libasound2</application>, which is a package supplying the <application>ALSA</application> sound library needed for audio playback. In order for <application>Festival</application> to function, it and all of its dependencies must be installed. The software management tools in Ubuntu will do this automatically."
9207
5972
msgstr ""
9208
5973
9209
5974
#: serverguide/C/package-management.xml:32(title)
9211
5976
msgstr ""
9212
5977
9213
5978
#: serverguide/C/package-management.xml:34(para)
9214
msgid ""
9215
"<application>dpkg</application> is a package manager for "
9216
"<emphasis>Debian</emphasis> based systems. It can install, remove, and build "
9217
"packages, but unlike other package management system's it can not "
9218
"automatically download and install packages and their dependencies. This "
9219
"section covers using <application>dpkg</application> to manage locally "
9220
"installed packages:"
5979
msgid "<application>dpkg</application> is a package manager for <emphasis>Debian</emphasis> based systems. It can install, remove, and build packages, but unlike other package management system's it can not automatically download and install packages and their dependencies. This section covers using <application>dpkg</application> to manage locally installed packages:"
9221
5980
msgstr ""
9222
5981
9223
5982
#: serverguide/C/package-management.xml:43(para)
9224
msgid ""
9225
"To list all packages installed on the system, from a terminal prompt enter:"
5983
msgid "To list all packages installed on the system, from a terminal prompt enter:"
9226
5984
msgstr ""
9227
5985
9228
5986
#: serverguide/C/package-management.xml:48(command)
9230
5988
msgstr ""
9231
5989
9232
5990
#: serverguide/C/package-management.xml:54(para)
9233
msgid ""
9234
"Depending on the amount of packages on your system, this can generate a "
9235
"large amount of output. Pipe the output through "
9236
"<application>grep</application> to see if a specific package is installed:"
5991
msgid "Depending on the amount of packages on your system, this can generate a large amount of output. Pipe the output through <application>grep</application> to see if a specific package is installed:"
9237
5992
msgstr ""
9238
5993
9239
5994
#: serverguide/C/package-management.xml:60(command)
9241
5996
msgstr ""
9242
5997
9243
5998
#: serverguide/C/package-management.xml:63(para)
9244
msgid ""
9245
"Replace <emphasis>apache2</emphasis> with any package name, part of a "
9246
"package name, or other regular expression."
5999
msgid "Replace <emphasis>apache2</emphasis> with any package name, part of a package name, or other regular expression."
9247
6000
msgstr ""
9248
6001
9249
6002
#: serverguide/C/package-management.xml:70(para)
9250
msgid ""
9251
"To list the files installed by a package, in this case the "
9252
"<application>ufw</application> package, enter:"
6003
msgid "To list the files installed by a package, in this case the <application>ufw</application> package, enter:"
9253
6004
msgstr ""
9254
6005
9255
6006
#: serverguide/C/package-management.xml:75(command)
9257
6008
msgstr ""
9258
6009
9259
6010
#: serverguide/C/package-management.xml:81(para)
9260
msgid ""
9261
"If you are not sure which package installed a file, <application>dpkg -"
9262
"S</application> may be able to tell you. For example:"
6011
msgid "If you are not sure which package installed a file, <application>dpkg -S</application> may be able to tell you. For example:"
9263
6012
msgstr ""
9264
6013
9265
6014
#: serverguide/C/package-management.xml:87(command)
9272
6021
msgstr ""
9273
6022
9274
6023
#: serverguide/C/package-management.xml:91(para)
9275
msgid ""
9276
"The output shows that the <filename>/etc/host.conf</filename> belongs to the "
9277
"<application>base-files</application> package."
6024
msgid "The output shows that the <filename>/etc/host.conf</filename> belongs to the <application>base-files</application> package."
9278
6025
msgstr ""
9279
6026
9280
6027
#: serverguide/C/package-management.xml:96(para)
9281
msgid ""
9282
"Many files are automatically generated during the package install process, "
9283
"and even though they are on the filesystem <command>dpkg -S</command> may "
9284
"not know which package they belong to."
6028
msgid "Many files are automatically generated during the package install process, and even though they are on the filesystem <command>dpkg -S</command> may not know which package they belong to."
9285
6029
msgstr ""
9286
6030
9287
6031
#: serverguide/C/package-management.xml:105(para)
9293
6037
msgstr ""
9294
6038
9295
6039
#: serverguide/C/package-management.xml:113(para)
9296
msgid ""
9297
"Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of "
9298
"the local .deb file."
6040
msgid "Change <filename>zip_2.32-1_i386.deb</filename> to the actual file name of the local .deb file."
9299
6041
msgstr ""
9300
6042
9301
6043
#: serverguide/C/package-management.xml:120(para)
9307
6049
msgstr ""
9308
6050
9309
6051
#: serverguide/C/package-management.xml:129(para)
9310
msgid ""
9311
"Uninstalling packages using <application>dpkg</application>, in most cases, "
9312
"is <emphasis>NOT</emphasis> recommended. It is better to use a package "
9313
"manager that handles dependencies, to ensure that the system is in a "
9314
"consistent state. For example using <command>dpkg -r</command> you can "
9315
"remove the <application>zip</application> package, but any packages that "
9316
"depend on it will still be installed and may no longer function correctly."
6052
msgid "Uninstalling packages using <application>dpkg</application>, in most cases, is <emphasis>NOT</emphasis> recommended. It is better to use a package manager that handles dependencies, to ensure that the system is in a consistent state. For example using <command>dpkg -r</command> you can remove the <application>zip</application> package, but any packages that depend on it will still be installed and may no longer function correctly."
9317
6053
msgstr ""
9318
6054
9319
6055
#: serverguide/C/package-management.xml:140(para)
9320
msgid ""
9321
"For more <application>dpkg</application> options see the man page: "
9322
"<command>man dpkg</command>."
6056
msgid "For more <application>dpkg</application> options see the man page: <command>man dpkg</command>."
9323
6057
msgstr ""
9324
6058
9325
6059
#: serverguide/C/package-management.xml:146(title)
9327
6061
msgstr ""
9328
6062
9329
6063
#: serverguide/C/package-management.xml:147(para)
9330
msgid ""
9331
"The <application>apt-get</application> command is a powerful command-line "
9332
"tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> "
9333
"(APT) performing such functions as installation of new software packages, "
9334
"upgrade of existing software packages, updating of the package list index, "
9335
"and even upgrading the entire Ubuntu system."
6064
msgid "The <application>apt-get</application> command is a powerful command-line tool used to work with Ubuntu's <emphasis>Advanced Packaging Tool</emphasis> (APT) performing such functions as installation of new software packages, upgrade of existing software packages, updating of the package list index, and even upgrading the entire Ubuntu system."
9336
6065
msgstr ""
9337
6066
9338
6067
#: serverguide/C/package-management.xml:150(para)
9339
msgid ""
9340
"Being a simple command-line tool, <application>apt-get</application> has "
9341
"numerous advantages over other package management tools available in Ubuntu "
9342
"for server administrators. Some of these advantages include ease of use over "
9343
"simple terminal connections (SSH) and the ability to be used in system "
9344
"administration scripts, which can in turn be automated by the "
9345
"<application>cron</application> scheduling utility."
6068
msgid "Being a simple command-line tool, <application>apt-get</application> has numerous advantages over other package management tools available in Ubuntu for server administrators. Some of these advantages include ease of use over simple terminal connections (SSH) and the ability to be used in system administration scripts, which can in turn be automated by the <application>cron</application> scheduling utility."
9346
6069
msgstr ""
9347
6070
9348
6071
#: serverguide/C/package-management.xml:157(para)
9349
msgid ""
9350
"<emphasis role=\"bold\">Install a Package</emphasis>: Installation of "
9351
"packages using the <application>apt-get</application> tool is quite simple. "
9352
"For example, to install the network scanner <emphasis "
9353
"role=\"italics\">nmap</emphasis>, type the following: <screen>\n"
9354
"<command>sudo apt-get install nmap</command>\n"
9355
"</screen>"
6072
msgid "<emphasis role=\"bold\">Install a Package</emphasis>: Installation of packages using the <application>apt-get</application> tool is quite simple. For example, to install the network scanner <emphasis role=\"italics\">nmap</emphasis>, type the following: <screen>\n<command>sudo apt-get install nmap</command>\n</screen>"
9356
6073
msgstr ""
9357
6074
9358
6075
#: serverguide/C/package-management.xml:165(para)
9359
msgid ""
9360
"<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or "
9361
"packages is also a straightforward and simple process. To remove the nmap "
9362
"package installed in the previous example, type the following: <screen>\n"
9363
"<command>sudo apt-get remove nmap</command>\n"
9364
"</screen>"
6076
msgid "<emphasis role=\"bold\">Remove a Package</emphasis>: Removal of a package or packages is also a straightforward and simple process. To remove the nmap package installed in the previous example, type the following: <screen>\n<command>sudo apt-get remove nmap</command>\n</screen>"
9365
6077
msgstr ""
9366
6078
9367
6079
#: serverguide/C/package-management.xml:172(para)
9368
msgid ""
9369
"<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify "
9370
"multiple packages to be installed or removed, separated by spaces."
6080
msgid "<emphasis role=\"bold\">Multiple Packages</emphasis>: You may specify multiple packages to be installed or removed, separated by spaces."
9371
6081
msgstr ""
9372
6082
9373
6083
#: serverguide/C/package-management.xml:175(para)
9374
msgid ""
9375
"Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get "
9376
"remove</command> will remove the package configuration files as well. This "
9377
"may or may not be the desired effect so use with caution."
6084
msgid "Also, adding the <emphasis>--purge</emphasis> options to <command>apt-get remove</command> will remove the package configuration files as well. This may or may not be the desired effect so use with caution."
9378
6085
msgstr ""
9379
6086
9380
6087
#: serverguide/C/package-management.xml:181(para)
9381
msgid ""
9382
"<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package "
9383
"index is essentially a database of available packages from the repositories "
9384
"defined in the <filename>/etc/apt/sources.list</filename> file. To update "
9385
"the local package index with the latest changes made in repositories, type "
9386
"the following: <screen>\n"
9387
"<command>sudo apt-get update</command>\n"
9388
"</screen>"
6088
msgid "<emphasis role=\"bold\">Update the Package Index</emphasis>: The APT package index is essentially a database of available packages from the repositories defined in the <filename>/etc/apt/sources.list</filename> file. To update the local package index with the latest changes made in repositories, type the following: <screen>\n<command>sudo apt-get update</command>\n</screen>"
9389
6089
msgstr ""
9390
6090
9391
6091
#: serverguide/C/package-management.xml:189(para)
9392
msgid ""
9393
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated "
9394
"versions of packages currently installed on your computer may become "
9395
"available from the package repositories (for example security updates). To "
9396
"upgrade your system, first update your package index as outlined above, and "
9397
"then type: <screen>\n"
9398
"<command>sudo apt-get upgrade</command>\n"
9399
"</screen>"
6092
msgid "<emphasis role=\"bold\">Upgrade Packages</emphasis>: Over time, updated versions of packages currently installed on your computer may become available from the package repositories (for example security updates). To upgrade your system, first update your package index as outlined above, and then type: <screen>\n<command>sudo apt-get upgrade</command>\n</screen>"
9400
6093
msgstr ""
9401
6094
9402
6095
#: serverguide/C/package-management.xml:195(para)
9403
msgid ""
9404
"For information on upgrading to a new Ubuntu release see <xref "
9405
"linkend=\"installing-upgrading\"/>."
6096
msgid "For information on upgrading to a new Ubuntu release see <xref linkend=\"installing-upgrading\"/>."
9406
6097
msgstr ""
9407
6098
9408
6099
#: serverguide/C/package-management.xml:153(para)
9409
msgid ""
9410
"Some examples of popular uses for the <application>apt-get</application> "
9411
"utility: <placeholder-1/>"
6100
msgid "Some examples of popular uses for the <application>apt-get</application> utility: <placeholder-1/>"
9412
6101
msgstr ""
9413
6102
9414
6103
#: serverguide/C/package-management.xml:201(para)
9415
msgid ""
9416
"Actions of the <application>apt-get</application> command, such as "
9417
"installation and removal of packages, are logged in the /var/log/dpkg.log "
9418
"log file."
6104
msgid "Actions of the <application>apt-get</application> command, such as installation and removal of packages, are logged in the /var/log/dpkg.log log file."
9419
6105
msgstr ""
9420
6106
9421
6107
#: serverguide/C/package-management.xml:204(para)
9422
msgid ""
9423
"For further information about the use of <application>APT</application>, "
9424
"read the comprehensive <ulink url=\"http://www.debian.org/doc/user-"
9425
"manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get "
9426
"help</screen>"
6108
msgid "For further information about the use of <application>APT</application>, read the comprehensive <ulink url=\"http://www.debian.org/doc/user-manuals#apt-howto\">Debian APT User Manual</ulink> or type: <screen>apt-get help</screen>"
9427
6109
msgstr ""
9428
6110
9429
6111
#: serverguide/C/package-management.xml:208(title)
9431
6113
msgstr ""
9432
6114
9433
6115
#: serverguide/C/package-management.xml:209(para)
9434
msgid ""
9435
"<application>Aptitude</application> is a menu-driven, text-based front-end "
9436
"to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of "
9437
"the common package management functions, such as installation, removal, and "
9438
"upgrade, are performed in <application>Aptitude</application> with single-"
9439
"key commands, which are typically lowercase letters."
6116
msgid "<application>Aptitude</application> is a menu-driven, text-based front-end to the <emphasis>Advanced Packaging Tool</emphasis> (APT) system. Many of the common package management functions, such as installation, removal, and upgrade, are performed in <application>Aptitude</application> with single-key commands, which are typically lowercase letters."
9440
6117
msgstr ""
9441
6118
9442
6119
#: serverguide/C/package-management.xml:212(para)
9443
msgid ""
9444
"<application>Aptitude</application> is best suited for use in a non-"
9445
"graphical terminal environment to ensure proper functioning of the command "
9446
"keys. You may start <application>Aptitude</application> as a normal user "
9447
"with the following command at a terminal prompt: <screen>\n"
9448
"<command>sudo aptitude</command>\n"
9449
"</screen>"
6120
msgid "<application>Aptitude</application> is best suited for use in a non-graphical terminal environment to ensure proper functioning of the command keys. You may start <application>Aptitude</application> as a normal user with the following command at a terminal prompt: <screen>\n<command>sudo aptitude</command>\n</screen>"
9450
6121
msgstr ""
9451
6122
9452
6123
#: serverguide/C/package-management.xml:219(para)
9453
msgid ""
9454
"When <application>Aptitude</application> starts, you will see a menu bar at "
9455
"the top of the screen and two panes below the menu bar. The top pane "
9456
"contains package categories, such as <emphasis role=\"italics\">New "
9457
"Packages</emphasis> and <emphasis role=\"italics\">Not Installed "
9458
"Packages</emphasis>. The bottom pane contains information related to the "
9459
"packages and package categories."
6124
msgid "When <application>Aptitude</application> starts, you will see a menu bar at the top of the screen and two panes below the menu bar. The top pane contains package categories, such as <emphasis role=\"italics\">New Packages</emphasis> and <emphasis role=\"italics\">Not Installed Packages</emphasis>. The bottom pane contains information related to the packages and package categories."
9460
6125
msgstr ""
9461
6126
9462
6127
#: serverguide/C/package-management.xml:222(para)
9463
msgid ""
9464
"Using <application>Aptitude</application> for package management is "
9465
"relatively straightforward, and the user interface makes common tasks simple "
9466
"to perform. The following are examples of common package management "
9467
"functions as performed in <application>Aptitude</application>:"
6128
msgid "Using <application>Aptitude</application> for package management is relatively straightforward, and the user interface makes common tasks simple to perform. The following are examples of common package management functions as performed in <application>Aptitude</application>:"
9468
6129
msgstr ""
9469
6130
9470
6131
#: serverguide/C/package-management.xml:226(para)
9471
msgid ""
9472
"<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, "
9473
"locate the package via the Not Installed Packages package category, for "
9474
"example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> "
9475
"key, and highlight the package you wish to install. After highlighting the "
9476
"package you wish to install, press the <keycap>+</keycap> key, and the "
9477
"package entry should turn <emphasis role=\"italics\">green</emphasis>, "
9478
"indicating it has been marked for installation. Now press <keycap>g</keycap> "
9479
"to be presented with a summary of package actions. Press <keycap>g</keycap> "
9480
"again, and you will be prompted to become root to complete the installation. "
9481
"Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter "
9482
"your user password to become root. Finally, press <keycap>g</keycap> once "
9483
"more and you'll be prompted to download the package. Press "
9484
"<keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> "
9485
"prompt, and downloading and installation of the package will commence."
6132
msgid "<emphasis role=\"bold\">Install Packages</emphasis>: To install a package, locate the package via the Not Installed Packages package category, for example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and highlight the package you wish to install. After highlighting the package you wish to install, press the <keycap>+</keycap> key, and the package entry should turn <emphasis role=\"italics\">green</emphasis>, indicating it has been marked for installation. Now press <keycap>g</keycap> to be presented with a summary of package actions. Press <keycap>g</keycap> again, and you will be prompted to become root to complete the installation. Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter your user password to become root. Finally, press <keycap>g</keycap> once more and you'll be prompted to download the package. Press <keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> prompt, and downloading and installation of the package will commence."
9486
6133
msgstr ""
9487
6134
9488
6135
#: serverguide/C/package-management.xml:230(para)
9489
msgid ""
9490
"<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, "
9491
"locate the package via the Installed Packages package category, for example, "
9492
"by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and "
9493
"highlight the package you wish to remove. After highlighting the package you "
9494
"wish to install, press the <keycap>-</keycap> key, and the package entry "
9495
"should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has "
9496
"been marked for removal. Now press <keycap>g</keycap> to be presented with a "
9497
"summary of package actions. Press <keycap>g</keycap> again, and you will be "
9498
"prompted to become root to complete the installation. Press "
9499
"<keycap>ENTER</keycap> which will result in a Password: prompt. Enter your "
9500
"user password to become root. Finally, press <keycap>g</keycap> once more, "
9501
"and you'll be prompted to download the package. Press <keycap>ENTER</keycap> "
9502
"on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of "
9503
"the package will commence."
6136
msgid "<emphasis role=\"bold\">Remove Packages</emphasis>: To remove a package, locate the package via the Installed Packages package category, for example, by using the keyboard arrow keys and the <keycap>ENTER</keycap> key, and highlight the package you wish to remove. After highlighting the package you wish to install, press the <keycap>-</keycap> key, and the package entry should turn <emphasis role=\"italics\">pink</emphasis>, indicating it has been marked for removal. Now press <keycap>g</keycap> to be presented with a summary of package actions. Press <keycap>g</keycap> again, and you will be prompted to become root to complete the installation. Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter your user password to become root. Finally, press <keycap>g</keycap> once more, and you'll be prompted to download the package. Press <keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> prompt, and removal of the package will commence."
9504
6137
msgstr ""
9505
6138
9506
6139
#: serverguide/C/package-management.xml:234(para)
9507
msgid ""
9508
"<emphasis role=\"bold\">Update Package Index</emphasis>: To update the "
9509
"package index, simply press the <keycap>u</keycap> key and you will be "
9510
"prompted to become root to complete the update. Press <keycap>ENTER</keycap> "
9511
"which will result in a Password: prompt. Enter your user password to become "
9512
"root. Updating of the package index will commence. Press "
9513
"<keycap>ENTER</keycap> on the OK prompt when the download dialog is "
9514
"presented to complete the process."
6140
msgid "<emphasis role=\"bold\">Update Package Index</emphasis>: To update the package index, simply press the <keycap>u</keycap> key and you will be prompted to become root to complete the update. Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter your user password to become root. Updating of the package index will commence. Press <keycap>ENTER</keycap> on the OK prompt when the download dialog is presented to complete the process."
9515
6141
msgstr ""
9516
6142
9517
6143
#: serverguide/C/package-management.xml:238(para)
9518
msgid ""
9519
"<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, "
9520
"perform the update of the package index as detailed above, and then press "
9521
"the <keycap>U</keycap> key to mark all packages with updates. Now press "
9522
"<keycap>g</keycap> whereby you'll be presented with a summary of package "
9523
"actions. Press <keycap>g</keycap> again, and you will be prompted to become "
9524
"root to complete the installation. Press <keycap>ENTER</keycap> which will "
9525
"result in a Password: prompt. Enter your user password to become root. "
9526
"Finally, press <keycap>g</keycap> once more, and you'll be prompted to "
9527
"download the packages. Press <keycap>ENTER</keycap> on the <emphasis "
9528
"role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages "
9529
"will commence."
6144
msgid "<emphasis role=\"bold\">Upgrade Packages</emphasis>: To upgrade packages, perform the update of the package index as detailed above, and then press the <keycap>U</keycap> key to mark all packages with updates. Now press <keycap>g</keycap> whereby you'll be presented with a summary of package actions. Press <keycap>g</keycap> again, and you will be prompted to become root to complete the installation. Press <keycap>ENTER</keycap> which will result in a Password: prompt. Enter your user password to become root. Finally, press <keycap>g</keycap> once more, and you'll be prompted to download the packages. Press <keycap>ENTER</keycap> on the <emphasis role=\"italics\">Continue</emphasis> prompt, and upgrade of the packages will commence."
9530
6145
msgstr ""
9531
6146
9532
6147
#: serverguide/C/package-management.xml:245(para)
9534
6149
msgstr ""
9535
6150
9536
6151
#: serverguide/C/package-management.xml:250(para)
9537
msgid ""
9538
"<emphasis role=\"bold\">c</emphasis>: Package not installed, but package "
9539
"configuration remains on system"
6152
msgid "<emphasis role=\"bold\">c</emphasis>: Package not installed, but package configuration remains on system"
9540
6153
msgstr ""
9541
6154
9542
6155
#: serverguide/C/package-management.xml:254(para)
9552
6165
msgstr ""
9553
6166
9554
6167
#: serverguide/C/package-management.xml:266(para)
9555
msgid ""
9556
"<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet "
9557
"configured"
6168
msgid "<emphasis role=\"bold\">u</emphasis>: Unpacked files, but package not yet configured"
9558
6169
msgstr ""
9559
6170
9560
6171
#: serverguide/C/package-management.xml:270(para)
9561
msgid ""
9562
"<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed "
9563
"and requires fix"
6172
msgid "<emphasis role=\"bold\">C</emphasis>: Half-configured - Configuration failed and requires fix"
9564
6173
msgstr ""
9565
6174
9566
6175
#: serverguide/C/package-management.xml:274(para)
9567
msgid ""
9568
"<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and "
9569
"requires fix"
6176
msgid "<emphasis role=\"bold\">H</emphasis>: Half-installed - Removal failed and requires fix"
9570
6177
msgstr ""
9571
6178
9572
6179
#: serverguide/C/package-management.xml:242(para)
9573
msgid ""
9574
"The first column of information displayed in the package list in the top "
9575
"pane, when actually viewing packages lists the current state of the package, "
9576
"and uses the following key to describe the state of the package: "
9577
"<placeholder-1/>"
6180
msgid "The first column of information displayed in the package list in the top pane, when actually viewing packages lists the current state of the package, and uses the following key to describe the state of the package: <placeholder-1/>"
9578
6181
msgstr ""
9579
6182
9580
6183
#: serverguide/C/package-management.xml:280(para)
9581
msgid ""
9582
"To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you "
9583
"wish to exit. Many other functions are available from the Aptitude menu by "
9584
"pressing the <keycap>F10</keycap> key."
6184
msgid "To exit Aptitude, simply press the <keycap>q</keycap> key and confirm you wish to exit. Many other functions are available from the Aptitude menu by pressing the <keycap>F10</keycap> key."
9585
6185
msgstr ""
9586
6186
9587
6187
#: serverguide/C/package-management.xml:285(title)
9589
6189
msgstr ""
9590
6190
9591
6191
#: serverguide/C/package-management.xml:287(para)
9592
msgid ""
9593
"The <application>unattended-upgrades</application> package can be used to "
9594
"automatically install updated packages, and can be configured to update all "
9595
"packages or just install security updates. First, install the package by "
9596
"entering the following in a terminal:"
6192
msgid "The <application>unattended-upgrades</application> package can be used to automatically install updated packages, and can be configured to update all packages or just install security updates. First, install the package by entering the following in a terminal:"
9597
6193
msgstr ""
9598
6194
9599
6195
#: serverguide/C/package-management.xml:293(command)
9601
6197
msgstr ""
9602
6198
9603
6199
#: serverguide/C/package-management.xml:296(para)
9604
msgid ""
9605
"To configure <application>unattended-upgrades</application>, edit "
9606
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust "
9607
"the following to fit your needs:"
6200
msgid "To configure <application>unattended-upgrades</application>, edit <filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> and adjust the following to fit your needs:"
9608
6201
msgstr ""
9609
6202
9610
6203
#: serverguide/C/package-management.xml:301(programlisting)
9611
6204
#, no-wrap
9612
msgid ""
9613
"\n"
9614
"Unattended-Upgrade::Allowed-Origins {\n"
9615
" \"Ubuntu karmic-security\";\n"
9616
"// \"Ubuntu karmic-updates\";\n"
9617
"};\n"
6205
msgid "\nUnattended-Upgrade::Allowed-Origins {\n \"Ubuntu lucid-security\";\n// \"Ubuntu lucid-updates\";\n};\n"
9618
6206
msgstr ""
9619
6207
9620
6208
#: serverguide/C/package-management.xml:308(para)
9621
msgid ""
9622
"Certain packages can also be <emphasis>blacklisted</emphasis> and therefore "
9623
"will not be automatically updated. To blacklist a package, add it to the "
9624
"list:"
6209
msgid "Certain packages can also be <emphasis>blacklisted</emphasis> and therefore will not be automatically updated. To blacklist a package, add it to the list:"
9625
6210
msgstr ""
9626
6211
9627
6212
#: serverguide/C/package-management.xml:313(programlisting)
9628
6213
#, no-wrap
9629
msgid ""
9630
"\n"
9631
"Unattended-Upgrade::Package-Blacklist {\n"
9632
"// \"vim\";\n"
9633
"// \"libc6\";\n"
9634
"// \"libc6-dev\";\n"
9635
"// \"libc6-i686\";\n"
9636
"};\n"
6214
msgid "\nUnattended-Upgrade::Package-Blacklist {\n// \"vim\";\n// \"libc6\";\n// \"libc6-dev\";\n// \"libc6-i686\";\n};\n"
9637
6215
msgstr ""
9638
6216
9639
6217
#: serverguide/C/package-management.xml:323(para)
9640
msgid ""
9641
"The double <emphasis><quote>//</quote></emphasis> serve as comments, so "
9642
"whatever follows \"//\" will not be evaluated."
6218
msgid "The double <emphasis><quote>//</quote></emphasis> serve as comments, so whatever follows \"//\" will not be evaluated."
9643
6219
msgstr ""
9644
6220
9645
6221
#: serverguide/C/package-management.xml:328(para)
9646
msgid ""
9647
"The results of <application>unattended-upgrades</application> will be logged "
9648
"to <filename>/var/log/unattended-upgrades</filename>."
6222
msgid "The results of <application>unattended-upgrades</application> will be logged to <filename>/var/log/unattended-upgrades</filename>."
9649
6223
msgstr ""
9650
6224
9651
6225
#: serverguide/C/package-management.xml:333(title)
9653
6227
msgstr ""
9654
6228
9655
6229
#: serverguide/C/package-management.xml:335(para)
9656
msgid ""
9657
"Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in "
9658
"<filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable "
9659
"<application>unattended-upgrades</application> to email an administrator "
9660
"detailing any packages that need upgrading or have problems."
6230
msgid "Configuring <emphasis>Unattended-Upgrade::Mail</emphasis> in <filename>/etc/apt/apt.conf.d/50unattended-upgrades</filename> will enable <application>unattended-upgrades</application> to email an administrator detailing any packages that need upgrading or have problems."
9661
6231
msgstr ""
9662
6232
9663
6233
#: serverguide/C/package-management.xml:340(para)
9664
msgid ""
9665
"Another useful package is <application>apticron</application>. "
9666
"<application>apticron</application> will configure a "
9667
"<application>cron</application> job to email an administrator information "
9668
"about any packages on the system that need updated as well as a summary of "
9669
"changes in each package."
6234
msgid "Another useful package is <application>apticron</application>. <application>apticron</application> will configure a <application>cron</application> job to email an administrator information about any packages on the system that have updates available, as well as a summary of changes in each package."
9670
6235
msgstr ""
9671
6236
9672
6237
#: serverguide/C/package-management.xml:346(para)
9673
msgid ""
9674
"To install the <application>apticron</application> package, in a terminal "
9675
"enter:"
6238
msgid "To install the <application>apticron</application> package, in a terminal enter:"
9676
6239
msgstr ""
9677
6240
9678
6241
#: serverguide/C/package-management.xml:351(command)
9680
6243
msgstr ""
9681
6244
9682
6245
#: serverguide/C/package-management.xml:354(para)
9683
msgid ""
9684
"Once the package is installed edit "
9685
"<filename>/etc/apticron/apticron.conf</filename>, to set the email address "
9686
"and other options:"
6246
msgid "Once the package is installed edit <filename>/etc/apticron/apticron.conf</filename>, to set the email address and other options:"
9687
6247
msgstr ""
9688
6248
9689
6249
#: serverguide/C/package-management.xml:358(programlisting)
9690
6250
#, no-wrap
9691
msgid ""
9692
"\n"
9693
"EMAIL=\"root@example.com\"\n"
6251
msgid "\nEMAIL=\"root@example.com\"\n"
9694
6252
msgstr ""
9695
6253
9696
6254
#: serverguide/C/package-management.xml:367(para)
9697
msgid ""
9698
"Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) "
9699
"system repositories is stored in the /etc/apt/sources.list configuration "
9700
"file. An example of this file is referenced here, along with information on "
9701
"adding or removing repository references from the file."
6255
msgid "Configuration of the <emphasis>Advanced Packaging Tool</emphasis> (APT) system repositories is stored in the /etc/apt/sources.list configuration file. An example of this file is referenced here, along with information on adding or removing repository references from the file."
9702
6256
msgstr ""
9703
6257
9704
6258
#: serverguide/C/package-management.xml:373(para)
9705
msgid ""
9706
"<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a "
9707
"typical <filename>/etc/apt/sources.list</filename> file."
6259
msgid "<ulink url=\"../sample/sources.list\">Here</ulink> is a simple example of a typical <filename>/etc/apt/sources.list</filename> file."
9708
6260
msgstr ""
9709
6261
9710
6262
#: serverguide/C/package-management.xml:377(para)
9711
msgid ""
9712
"You may edit the file to enable repositories or disable them. For example, "
9713
"to disable the requirement of inserting the Ubuntu CD-ROM whenever package "
9714
"operations occur, simply comment out the appropriate line for the CD-ROM, "
9715
"which appears at the top of the file:"
6263
msgid "You may edit the file to enable repositories or disable them. For example, to disable the requirement of inserting the Ubuntu CD-ROM whenever package operations occur, simply comment out the appropriate line for the CD-ROM, which appears at the top of the file:"
9716
6264
msgstr ""
9717
6265
9718
6266
#: serverguide/C/package-management.xml:382(screen)
9719
6267
#, no-wrap
9720
msgid ""
9721
"\n"
9722
"# no more prompting for CD-ROM please\n"
9723
"# deb cdrom:[Ubuntu 9.10_Karmic_Koala - Release i386 (20070419.1)]/ karmic "
9724
"main restricted\n"
6268
msgid "\n# no more prompting for CD-ROM please\n# deb cdrom:[Ubuntu 10.04_Lucid_Lynx - Release i386 (20070419.1)]/ lucid main restricted\n"
9725
6269
msgstr ""
9726
6270
9727
6271
#: serverguide/C/package-management.xml:388(title)
9729
6273
msgstr ""
9730
6274
9731
6275
#: serverguide/C/package-management.xml:389(para)
9732
msgid ""
9733
"In addition to the officially supported package repositories available for "
9734
"Ubuntu, there exist additional community-maintained repositories which add "
9735
"thousands more potential packages for installation. Two of the most popular "
9736
"are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> "
9737
"repositories. These repositories are not officially supported by Ubuntu, but "
9738
"because they are maintained by the community they generally provide packages "
9739
"which are safe for use with your Ubuntu computer."
6276
msgid "In addition to the officially supported package repositories available for Ubuntu, there exist additional community-maintained repositories which add thousands more potential packages for installation. Two of the most popular are the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> repositories. These repositories are not officially supported by Ubuntu, but because they are maintained by the community they generally provide packages which are safe for use with your Ubuntu computer."
9740
6277
msgstr ""
9741
6278
9742
6279
#: serverguide/C/package-management.xml:392(para)
9743
msgid ""
9744
"Packages in the <emphasis>Multiverse</emphasis> repository often have "
9745
"licensing issues that prevent them from being distributed with a free "
9746
"operating system, and they may be illegal in your locality."
6280
msgid "Packages in the <emphasis>Multiverse</emphasis> repository often have licensing issues that prevent them from being distributed with a free operating system, and they may be illegal in your locality."
9747
6281
msgstr ""
9748
6282
9749
6283
#: serverguide/C/package-management.xml:394(para)
9750
msgid ""
9751
"Be advised that neither the <emphasis>Universe</emphasis> or "
9752
"<emphasis>Multiverse</emphasis> repositories contain officially supported "
9753
"packages. In particular, there may not be security updates for these "
9754
"packages."
6284
msgid "Be advised that neither the <emphasis>Universe</emphasis> or <emphasis>Multiverse</emphasis> repositories contain officially supported packages. In particular, there may not be security updates for these packages."
9755
6285
msgstr ""
9756
6286
9757
6287
#: serverguide/C/package-management.xml:398(para)
9758
msgid ""
9759
"Many other package sources are available, sometimes even offering only one "
9760
"package, as in the case of package sources provided by the developer of a "
9761
"single application. You should always be very careful and cautious when "
9762
"using non-standard package sources, however. Research the source and "
9763
"packages carefully before performing any installation, as some package "
9764
"sources and their packages could render your system unstable or non-"
9765
"functional in some respects."
6288
msgid "Many other package sources are available, sometimes even offering only one package, as in the case of package sources provided by the developer of a single application. You should always be very careful and cautious when using non-standard package sources, however. Research the source and packages carefully before performing any installation, as some package sources and their packages could render your system unstable or non-functional in some respects."
9766
6289
msgstr ""
9767
6290
9768
6291
#: serverguide/C/package-management.xml:401(para)
9769
msgid ""
9770
"By default, the <emphasis>Universe</emphasis> and "
9771
"<emphasis>Multiverse</emphasis> repositories are enabled but if you would "
9772
"like to disable them edit <filename>/etc/apt/sources.list</filename> and "
9773
"comment the following lines:"
6292
msgid "By default, the <emphasis>Universe</emphasis> and <emphasis>Multiverse</emphasis> repositories are enabled but if you would like to disable them edit <filename>/etc/apt/sources.list</filename> and comment the following lines:"
9774
6293
msgstr ""
9775
6294
9776
6295
#: serverguide/C/package-management.xml:408(programlisting)
9777
6296
#, no-wrap
9778
msgid ""
9779
"\n"
9780
"deb http://archive.ubuntu.com/ubuntu karmic universe multiverse\n"
9781
"deb-src http://archive.ubuntu.com/ubuntu karmic universe multiverse\n"
9782
"\n"
9783
"deb http://us.archive.ubuntu.com/ubuntu/ karmic universe\n"
9784
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic universe\n"
9785
"deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates universe\n"
9786
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-updates universe\n"
9787
"\n"
9788
"deb http://us.archive.ubuntu.com/ubuntu/ karmic multiverse\n"
9789
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic multiverse\n"
9790
"deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates multiverse\n"
9791
"deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-updates multiverse\n"
9792
"\n"
9793
"deb http://security.ubuntu.com/ubuntu karmic-security universe\n"
9794
"deb-src http://security.ubuntu.com/ubuntu karmic-security universe\n"
9795
"deb http://security.ubuntu.com/ubuntu karmic-security multiverse\n"
9796
"deb-src http://security.ubuntu.com/ubuntu karmic-security multiverse\n"
6297
msgid "\ndeb http://archive.ubuntu.com/ubuntu lucid universe multiverse\ndeb-src http://archive.ubuntu.com/ubuntu lucid universe multiverse\n\ndeb http://us.archive.ubuntu.com/ubuntu/ lucid universe\ndeb-src http://us.archive.ubuntu.com/ubuntu/ lucid universe\ndeb http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\ndeb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe\n\ndeb http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\ndeb-src http://us.archive.ubuntu.com/ubuntu/ lucid multiverse\ndeb http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\ndeb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse\n\ndeb http://security.ubuntu.com/ubuntu lucid-security universe\ndeb-src http://security.ubuntu.com/ubuntu lucid-security universe\ndeb http://security.ubuntu.com/ubuntu lucid-security multiverse\ndeb-src http://security.ubuntu.com/ubuntu lucid-security multiverse\n"
9797
6298
msgstr ""
9798
6299
9799
6300
#: serverguide/C/package-management.xml:434(para)
9800
msgid ""
9801
"Most of the material covered in this chapter is available in "
9802
"<application>man</application> pages, many of which are available online."
6301
msgid "Most of the material covered in this chapter is available in <application>man</application> pages, many of which are available online."
9803
6302
msgstr ""
9804
6303
9805
6304
#: serverguide/C/package-management.xml:441(para)
9806
msgid ""
9807
"For more <application>dpkg</application> details see the <ulink "
9808
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/dpkg.1.html\">dpkg "
9809
"man page</ulink>."
6305
msgid "For more <application>dpkg</application> details see the <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/dpkg.1.html\">dpkg man page</ulink>."
9810
6306
msgstr ""
9811
6307
9812
6308
#: serverguide/C/package-management.xml:447(para)
9813
msgid ""
9814
"The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT "
9815
"HOWTO</ulink> and <ulink "
9816
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/apt-"
9817
"get.8.html\">apt-get man page</ulink> contain useful information regarding "
9818
"<application>apt-get</application> usage."
6309
msgid "The <ulink url=\"http://www.debian.org/doc/manuals/apt-howto/\">APT HOWTO</ulink> and <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/apt-get.8.html\">apt-get man page</ulink> contain useful information regarding <application>apt-get</application> usage."
9819
6310
msgstr ""
9820
6311
9821
6312
#: serverguide/C/package-management.xml:454(para)
9822
msgid ""
9823
"See the <ulink "
9824
"url=\"http://manpages.ubuntu.com/manpages/jaunty/man8/aptitude.8.html\">aptit"
9825
"ude man page</ulink> for more <application>aptitude</application> options."
6313
msgid "See the <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/man8/aptitude.8.html\">aptitude man page</ulink> for more <application>aptitude</application> options."
9826
6314
msgstr ""
9827
6315
9828
6316
#: serverguide/C/package-management.xml:460(para)
9829
msgid ""
9830
"The <ulink "
9831
"url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding "
9832
"Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on "
9833
"adding repositories."
6317
msgid "The <ulink url=\"https://help.ubuntu.com/community/Repositories/Ubuntu\">Adding Repositories HOWTO (Ubuntu Wiki)</ulink> page contains more details on adding repositories."
9834
6318
msgstr ""
9835
6319
9836
6320
#: serverguide/C/other-apps.xml:13(title)
9838
6322
msgstr ""
9839
6323
9840
6324
#: serverguide/C/other-apps.xml:15(para)
9841
msgid ""
9842
"There are many very useful applications developed by the Ubuntu Server Team, "
9843
"and others that are well integrated with Ubuntu Server Edition, that might "
9844
"not be well known. This chapter will showcase some useful applications that "
9845
"can make administering an Ubuntu server, or many Ubuntu servers, that much "
9846
"easier."
6325
msgid "There are many very useful applications developed by the Ubuntu Server Team, and others that are well integrated with Ubuntu Server Edition, that might not be well known. This chapter will showcase some useful applications that can make administering an Ubuntu server, or many Ubuntu servers, that much easier."
9847
6326
msgstr ""
9848
6327
9849
6328
#: serverguide/C/other-apps.xml:23(title)
9851
6330
msgstr ""
9852
6331
9853
6332
#: serverguide/C/other-apps.xml:25(para)
9854
msgid ""
9855
"When logging into an Ubuntu server you may have noticed the informative "
9856
"Message Of The Day (MOTD). This information is obtained and displayed using "
9857
"a couple of packages:"
6333
msgid "When logging into an Ubuntu server you may have noticed the informative Message Of The Day (MOTD). This information is obtained and displayed using a couple of packages:"
9858
6334
msgstr ""
9859
6335
9860
6336
#: serverguide/C/other-apps.xml:32(para)
9861
msgid ""
9862
"<emphasis>landscape-common:</emphasis> provides the core libraries of "
9863
"<application>landscape-client</application>, which can be used to manage "
9864
"systems using the web based <emphasis>Landscape</emphasis> application. The "
9865
"package includes the <application>/usr/bin/landscape-sysinfo</application> "
9866
"utility which is used to gather the information displayed in the MOTD."
6337
msgid "<emphasis>landscape-common:</emphasis> provides the core libraries of <application>landscape-client</application>, which can be used to manage systems using the web based <emphasis>Landscape</emphasis> application. The package includes the <application>/usr/bin/landscape-sysinfo</application> utility which is used to gather the information displayed in the MOTD."
9867
6338
msgstr ""
9868
6339
9869
6340
#: serverguide/C/other-apps.xml:40(para)
9870
msgid ""
9871
"<emphasis>update-motd:</emphasis> is used to automatically update the MOTD "
9872
"via <application>cron</application>."
6341
msgid "<emphasis>update-motd:</emphasis> is used to automatically update the MOTD via <application>cron</application>."
9873
6342
msgstr ""
9874
6343
9875
6344
#: serverguide/C/other-apps.xml:46(para)
9876
msgid ""
9877
"The <application>update-motd</application> utility has several options to "
9878
"further customize the MOTD:"
6345
msgid "The <application>update-motd</application> utility has several options to further customize the MOTD:"
9879
6346
msgstr ""
9880
6347
9881
6348
#: serverguide/C/other-apps.xml:52(para)
9882
msgid ""
9883
"<emphasis>--disable:</emphasis> prevents automatic updates of the MOTD. "
9884
"Using this option creates the <filename>/var/lib/update-"
9885
"motd/disabled</filename> file, which if present stops <application>update-"
9886
"motd</application> from modifying <filename>/etc/motd</filename>."
6349
msgid "<emphasis>--disable:</emphasis> prevents automatic updates of the MOTD. Using this option creates the <filename>/var/lib/update-motd/disabled</filename> file, which if present stops <application>update-motd</application> from modifying <filename>/etc/motd</filename>."
9887
6350
msgstr ""
9888
6351
9889
6352
#: serverguide/C/other-apps.xml:59(para)
9890
msgid ""
9891
"<emphasis>--enable:</emphasis> enables the automatic MOTD updates. If "
9892
"<filename>/var/lib/update-motd</filename> is present it will be removed."
6353
msgid "<emphasis>--enable:</emphasis> enables the automatic MOTD updates. If <filename>/var/lib/update-motd</filename> is present it will be removed."
9893
6354
msgstr ""
9894
6355
9895
6356
#: serverguide/C/other-apps.xml:65(para)
9896
msgid ""
9897
"<emphasis>--force:</emphasis> does a one time update of "
9898
"<filename>/etc/motd</filename>, overriding <application>update-"
9899
"motd</application> if it has been disabled."
6357
msgid "<emphasis>--force:</emphasis> does a one time update of <filename>/etc/motd</filename>, overriding <application>update-motd</application> if it has been disabled."
9900
6358
msgstr ""
9901
6359
9902
6360
#: serverguide/C/other-apps.xml:71(para)
9903
msgid ""
9904
"<emphasis>d, hourly, weekly, monthly:</emphasis> option will run the scripts "
9905
"in <filename>/etc/update-motd.d/</filename> (default), <filename>/etc/update-"
9906
"motd.d/hourly</filename>, <filename>/etc/update-motd.d/weekly</filename>, or "
9907
"<filename>/etc/update-motd.d/monthly</filename> respectively."
6361
msgid "<emphasis>d, hourly, weekly, monthly:</emphasis> option will run the scripts in <filename>/etc/update-motd.d/</filename> (default), <filename>/etc/update-motd.d/hourly</filename>, <filename>/etc/update-motd.d/weekly</filename>, or <filename>/etc/update-motd.d/monthly</filename> respectively."
9908
6362
msgstr ""
9909
6363
9910
6364
#: serverguide/C/other-apps.xml:79(para)
9911
msgid ""
9912
"<application>update-motd</application> executes the scripts in "
9913
"<filename>/etc/update-motd.d</filename> in order based on the number "
9914
"prepended to the script. Separate <application>cron</application> scripts "
9915
"execute every ten minutes, hourly, weekly, and monthly running the "
9916
"corresponding scripts in <filename>/etc/update-motd.d</filename>. The output "
9917
"of the scripts is written to <filename>/var/run/update-motd/</filename>, "
9918
"keeping the numerical order, then concatenated with "
9919
"<filename>/etc/motd.tail</filename> and written to "
9920
"<filename>/etc/motd</filename>."
6365
msgid "<application>update-motd</application> executes the scripts in <filename>/etc/update-motd.d</filename> in order based on the number prepended to the script. Separate <application>cron</application> scripts execute every ten minutes, hourly, weekly, and monthly running the corresponding scripts in <filename>/etc/update-motd.d</filename>. The output of the scripts is written to <filename>/var/run/update-motd/</filename>, keeping the numerical order, then concatenated with <filename>/etc/motd.tail</filename> and written to <filename>/etc/motd</filename>."
9921
6366
msgstr ""
9922
6367
9923
6368
#: serverguide/C/other-apps.xml:87(para)
9924
msgid ""
9925
"You can add your own dynamic information to the MOTD. For example, to add "
9926
"local weather information:"
6369
msgid "You can add your own dynamic information to the MOTD. For example, to add local weather information:"
9927
6370
msgstr ""
9928
6371
9929
6372
#: serverguide/C/other-apps.xml:93(para)
9935
6378
msgstr ""
9936
6379
9937
6380
#: serverguide/C/other-apps.xml:103(para)
9938
msgid ""
9939
"The <application>weather</application> utility uses METAR data from the "
9940
"National Oceanic and Atmospheric Administration and forecasts from the "
9941
"National Weather Service. In order to find local information you will need "
9942
"the 4-character ICAO location indicator. This can be determined by browsing "
9943
"to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National "
9944
"Weather Service</ulink> site."
6381
msgid "The <application>weather</application> utility uses METAR data from the National Oceanic and Atmospheric Administration and forecasts from the National Weather Service. In order to find local information you will need the 4-character ICAO location indicator. This can be determined by browsing to the <ulink url=\"http://www.weather.gov/tg/siteloc.shtml\">National Weather Service</ulink> site."
9945
6382
msgstr ""
9946
6383
9947
6384
#: serverguide/C/other-apps.xml:110(para)
9948
msgid ""
9949
"Although the National Weather Service is a United States government agency "
9950
"there are weather stations available world wide. However, local weather "
9951
"information for all locations outside the U.S. may not be available."
6385
msgid "Although the National Weather Service is a United States government agency there are weather stations available world wide. However, local weather information for all locations outside the U.S. may not be available."
9952
6386
msgstr ""
9953
6387
9954
6388
#: serverguide/C/other-apps.xml:116(para)
9955
msgid ""
9956
"Create <filename>/usr/local/bin/local-weather</filename>, a simple shell "
9957
"script to use <application>weather</application> with your local ICAO "
9958
"indicator:"
6389
msgid "Create <filename>/usr/local/bin/local-weather</filename>, a simple shell script to use <application>weather</application> with your local ICAO indicator:"
9959
6390
msgstr ""
9960
6391
9961
6392
#: serverguide/C/other-apps.xml:121(programlisting)
9962
6393
#, no-wrap
9963
msgid ""
9964
"\n"
9965
"#!/bin/sh\n"
9966
"##########################################################################\n"
9967
"#\n"
9968
"# Prints the local weather to /var/run/update-motd/60-local-weather \n"
9969
"# for update-motd.\n"
9970
"#\n"
9971
"##########################################################################\n"
9972
"\n"
9973
"# Replace KINT with your local weather station.\n"
9974
"# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n"
9975
"\n"
9976
"echo \"\" > /var/run/update-motd/60-local-weather\n"
9977
"weather -i KINT >> /var/run/update-motd/60-local-weather\n"
9978
"\n"
6394
msgid "\n#!/bin/sh\n##########################################################################\n#\n# Prints the local weather to /var/run/update-motd/60-local-weather \n# for update-motd.\n#\n##########################################################################\n\n# Replace KINT with your local weather station.\n# Local stations can be found here: http://www.weather.gov/tg/siteloc.shtml\n\necho \"\" > /var/run/update-motd/60-local-weather\nweather -i KINT >> /var/run/update-motd/60-local-weather\n\n"
9979
6395
msgstr ""
9980
6396
9981
6397
#: serverguide/C/other-apps.xml:139(para)
9987
6403
msgstr ""
9988
6404
9989
6405
#: serverguide/C/other-apps.xml:148(para)
9990
msgid ""
9991
"Next, create a symlink to <filename>/etc/update-motd.d/60-local-"
9992
"weather</filename>:"
6406
msgid "Next, create a symlink to <filename>/etc/update-motd.d/60-local-weather</filename>:"
9993
6407
msgstr ""
9994
6408
9995
6409
#: serverguide/C/other-apps.xml:153(command)
9996
msgid ""
9997
"sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/60-local-weather"
6410
msgid "sudo ln -s /usr/local/bin/local-weather /etc/update-motd.d/60-local-weather"
9998
6411
msgstr ""
9999
6412
10000
6413
#: serverguide/C/other-apps.xml:157(para)
10006
6419
msgstr ""
10007
6420
10008
6421
#: serverguide/C/other-apps.xml:167(para)
10009
msgid ""
10010
"You should now be greeted with some useful information, and some information "
10011
"about the local weather that may not be quite so useful. Hopefully the "
10012
"<application>local-weather</application> example demonstrates the "
10013
"flexibility of <application>update-motd</application>."
6422
msgid "You should now be greeted with some useful information, and some information about the local weather that may not be quite so useful. Hopefully the <application>local-weather</application> example demonstrates the flexibility of <application>update-motd</application>."
10014
6423
msgstr ""
10015
6424
10016
6425
#: serverguide/C/other-apps.xml:175(title)
10018
6427
msgstr ""
10019
6428
10020
6429
#: serverguide/C/other-apps.xml:177(para)
10021
msgid ""
10022
"<application>etckeeper</application> allows the contents of <filename "
10023
"role=\"directory\">/etc</filename> be easily stored in Version Control "
10024
"System (VCS) repository. It hooks into <application>apt</application> to "
10025
"automatically commit changes to <filename>/etc</filename> when packages are "
10026
"installed or upgraded. Placing <filename>/etc</filename> under version "
10027
"control is considered an industry best practice, and the goal of "
10028
"<application>etckeeper</application> is to make this process as painless as "
10029
"possible."
6430
msgid "<application>etckeeper</application> allows the contents of <filename role=\"directory\">/etc</filename> be easily stored in Version Control System (VCS) repository. It hooks into <application>apt</application> to automatically commit changes to <filename>/etc</filename> when packages are installed or upgraded. Placing <filename>/etc</filename> under version control is considered an industry best practice, and the goal of <application>etckeeper</application> is to make this process as painless as possible."
10030
6431
msgstr ""
10031
6432
10032
6433
#: serverguide/C/other-apps.xml:185(para)
10033
msgid ""
10034
"Install <application>etckeeper</application> by entering the following in a "
10035
"terminal:"
6434
msgid "Install <application>etckeeper</application> by entering the following in a terminal:"
10036
6435
msgstr ""
10037
6436
10038
6437
#: serverguide/C/other-apps.xml:190(command)
10040
6439
msgstr ""
10041
6440
10042
6441
#: serverguide/C/other-apps.xml:193(para)
10043
msgid ""
10044
"The main configuration file, "
10045
"<filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The "
10046
"main option is which VCS to use. By default "
10047
"<application>etckeeper</application> is configured to use "
10048
"<application>bzr</application> for version control. The repository is "
10049
"automatically initialized (and committed for the first time) during package "
10050
"installation. It is possible to undo this by entering the following command:"
6442
msgid "The main configuration file, <filename>/etc/etckeeper/etckeeper.conf</filename>, is fairly simple. The main option is which VCS to use. By default <application>etckeeper</application> is configured to use <application>bzr</application> for version control. The repository is automatically initialized (and committed for the first time) during package installation. It is possible to undo this by entering the following command:"
10051
6443
msgstr ""
10052
6444
10053
6445
#: serverguide/C/other-apps.xml:203(command)
10055
6447
msgstr ""
10056
6448
10057
6449
#: serverguide/C/other-apps.xml:206(para)
10058
msgid ""
10059
"By default, etckeeper will commit uncommitted changes made to /etc daily. "
10060
"This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. "
10061
"It will also automatically commit changes before and after package "
10062
"installation. For a more precise tracking of changes, it is recommended to "
10063
"commit your changes manually, together with a commit message, using:"
6450
msgid "By default, etckeeper will commit uncommitted changes made to /etc daily. This can be disabled using the AVOID_DAILY_AUTOCOMMITS configuration option. It will also automatically commit changes before and after package installation. For a more precise tracking of changes, it is recommended to commit your changes manually, together with a commit message, using:"
10064
6451
msgstr ""
10065
6452
10066
6453
#: serverguide/C/other-apps.xml:215(command)
10068
6455
msgstr ""
10069
6456
10070
6457
#: serverguide/C/other-apps.xml:218(para)
10071
msgid ""
10072
"Using the VCS commands you can view log information about files in "
10073
"<filename>/etc</filename>:"
6458
msgid "Using the VCS commands you can view log information about files in <filename>/etc</filename>:"
10074
6459
msgstr ""
10075
6460
10076
6461
#: serverguide/C/other-apps.xml:223(command)
10078
6463
msgstr ""
10079
6464
10080
6465
#: serverguide/C/other-apps.xml:226(para)
10081
msgid ""
10082
"To demonstrate the integration with the package management system, install "
10083
"<application>postfix</application>:"
6466
msgid "To demonstrate the integration with the package management system, install <application>postfix</application>:"
10084
6467
msgstr ""
10085
6468
10086
6469
#: serverguide/C/other-apps.xml:231(command) serverguide/C/mail.xml:45(command)
10088
6471
msgstr ""
10089
6472
10090
6473
#: serverguide/C/other-apps.xml:234(para)
10091
msgid ""
10092
"When the installation is finished, all the "
10093
"<application>postfix</application> configuration files should be committed "
10094
"to the repository:"
6474
msgid "When the installation is finished, all the <application>postfix</application> configuration files should be committed to the repository:"
10095
6475
msgstr ""
10096
6476
10097
6477
#: serverguide/C/other-apps.xml:240(computeroutput)
10098
6478
#, no-wrap
10099
msgid ""
10100
"Committing to: /etc/\n"
10101
"added aliases.db\n"
10102
"modified group\n"
10103
"modified group-\n"
10104
"modified gshadow\n"
10105
"modified gshadow-\n"
10106
"modified passwd\n"
10107
"modified passwd-\n"
10108
"added postfix\n"
10109
"added resolvconf\n"
10110
"added rsyslog.d\n"
10111
"modified shadow\n"
10112
"modified shadow-\n"
10113
"added init.d/postfix\n"
10114
"added network/if-down.d/postfix\n"
10115
"added network/if-up.d/postfix\n"
10116
"added postfix/dynamicmaps.cf\n"
10117
"added postfix/main.cf\n"
10118
"added postfix/master.cf\n"
10119
"added postfix/post-install\n"
10120
"added postfix/postfix-files\n"
10121
"added postfix/postfix-script\n"
10122
"added postfix/sasl\n"
10123
"added ppp/ip-down.d\n"
10124
"added ppp/ip-down.d/postfix\n"
10125
"added ppp/ip-up.d/postfix\n"
10126
"added rc0.d/K20postfix\n"
10127
"added rc1.d/K20postfix\n"
10128
"added rc2.d/S20postfix\n"
10129
"added rc3.d/S20postfix\n"
10130
"added rc4.d/S20postfix\n"
10131
"added rc5.d/S20postfix\n"
10132
"added rc6.d/K20postfix\n"
10133
"added resolvconf/update-libc.d\n"
10134
"added resolvconf/update-libc.d/postfix\n"
10135
"added rsyslog.d/postfix.conf\n"
10136
"added ufw/applications.d/postfix\n"
10137
"Committed revision 2."
6479
msgid "Committing to: /etc/\nadded aliases.db\nmodified group\nmodified group-\nmodified gshadow\nmodified gshadow-\nmodified passwd\nmodified passwd-\nadded postfix\nadded resolvconf\nadded rsyslog.d\nmodified shadow\nmodified shadow-\nadded init.d/postfix\nadded network/if-down.d/postfix\nadded network/if-up.d/postfix\nadded postfix/dynamicmaps.cf\nadded postfix/main.cf\nadded postfix/master.cf\nadded postfix/post-install\nadded postfix/postfix-files\nadded postfix/postfix-script\nadded postfix/sasl\nadded ppp/ip-down.d\nadded ppp/ip-down.d/postfix\nadded ppp/ip-up.d/postfix\nadded rc0.d/K20postfix\nadded rc1.d/K20postfix\nadded rc2.d/S20postfix\nadded rc3.d/S20postfix\nadded rc4.d/S20postfix\nadded rc5.d/S20postfix\nadded rc6.d/K20postfix\nadded resolvconf/update-libc.d\nadded resolvconf/update-libc.d/postfix\nadded rsyslog.d/postfix.conf\nadded ufw/applications.d/postfix\nCommitted revision 2."
10138
6480
msgstr ""
10139
6481
10140
6482
#: serverguide/C/other-apps.xml:280(para)
10141
msgid ""
10142
"For an example of how <application>etckeeper</application> tracks manual "
10143
"changes, add new a host to <filename>/etc/hosts</filename>. Using "
10144
"<application>bzr</application> you can see which files have been modified:"
6483
msgid "For an example of how <application>etckeeper</application> tracks manual changes, add new a host to <filename>/etc/hosts</filename>. Using <application>bzr</application> you can see which files have been modified:"
10145
6484
msgstr ""
10146
6485
10147
6486
#: serverguide/C/other-apps.xml:286(command)
10150
6489
10151
6490
#: serverguide/C/other-apps.xml:287(computeroutput)
10152
6491
#, no-wrap
10153
msgid ""
10154
"modified:\n"
10155
" hosts"
6492
msgid "modified:\n hosts"
10156
6493
msgstr ""
10157
6494
10158
6495
#: serverguide/C/other-apps.xml:291(para)
10164
6501
msgstr ""
10165
6502
10166
6503
#: serverguide/C/other-apps.xml:299(para)
10167
msgid ""
10168
"For more information on <application>bzr</application> see <xref "
10169
"linkend=\"bazaar\"/>."
6504
msgid "For more information on <application>bzr</application> see <xref linkend=\"bazaar\"/>."
10170
6505
msgstr ""
10171
6506
10172
6507
#: serverguide/C/other-apps.xml:305(title)
10174
6509
msgstr ""
10175
6510
10176
6511
#: serverguide/C/other-apps.xml:307(para)
10177
msgid ""
10178
"One of the most useful applications for any system administrator is "
10179
"<application>screen</application>. It allows the execution of multiple "
10180
"shells in one terminal. To make some of the advanced "
10181
"<application>screen</application> features more user friendly, and provide "
10182
"some useful information about the system, the <application>screen-"
10183
"profiles</application> package was created."
6512
msgid "One of the most useful applications for any system administrator is <application>screen</application>. It allows the execution of multiple shells in one terminal. To make some of the advanced <application>screen</application> features more user friendly, and provide some useful information about the system, the <application>screen-profiles</application> package was created."
10184
6513
msgstr ""
10185
6514
10186
6515
#: serverguide/C/other-apps.xml:314(para)
10187
msgid ""
10188
"When executing <application>screen</application> for the first time you will "
10189
"be presented with the <application>screen-profiles-helper</application> "
10190
"menu. This menu will allow you to:"
6516
msgid "When executing <application>screen</application> for the first time you will be presented with the <application>screen-profiles-helper</application> menu. This menu will allow you to:"
10191
6517
msgstr ""
10192
6518
10193
6519
#: serverguide/C/other-apps.xml:320(para)
10219
6545
msgstr ""
10220
6546
10221
6547
#: serverguide/C/other-apps.xml:329(para)
10222
msgid ""
10223
"The <emphasis>key bindings</emphasis> determine such things as the escape "
10224
"sequence, new window, change window, etc. There are two key binding sets to "
10225
"choose from <emphasis>common</emphasis> and <emphasis>none</emphasis>. If "
10226
"you wish to use the original key bindings choose the "
10227
"<emphasis>none</emphasis> set."
6548
msgid "The <emphasis>key bindings</emphasis> determine such things as the escape sequence, new window, change window, etc. There are two key binding sets to choose from <emphasis>common</emphasis> and <emphasis>none</emphasis>. If you wish to use the original key bindings choose the <emphasis>none</emphasis> set."
10228
6549
msgstr ""
10229
6550
10230
6551
#: serverguide/C/other-apps.xml:335(para)
10231
msgid ""
10232
"The Ubuntu <application>screen-profiles</application> provide a menu which "
10233
"displays the Ubuntu release, processor information, memory information, and "
10234
"the time and date. The effect is similar to a desktop menu. When a profile "
10235
"is selected it will be symlinked to <filename>~/.screenrc</filename>. The "
10236
"<application>select-screen-profile</application> utility can also be used to "
10237
"change profiles, in a terminal enter:"
6552
msgid "The Ubuntu <application>screen-profiles</application> provide a menu which displays the Ubuntu release, processor information, memory information, and the time and date. The effect is similar to a desktop menu. When a profile is selected it will be symlinked to <filename>~/.screenrc</filename>. The <application>select-screen-profile</application> utility can also be used to change profiles, in a terminal enter:"
10238
6553
msgstr ""
10239
6554
10240
6555
#: serverguide/C/other-apps.xml:343(command)
10242
6557
msgstr ""
10243
6558
10244
6559
#: serverguide/C/other-apps.xml:346(para)
10245
msgid ""
10246
"The <emphasis>plain</emphasis> profile will change "
10247
"<application>screen</application> back to the defaults, which does not "
10248
"include the information menu at the bottom."
6560
msgid "The <emphasis>plain</emphasis> profile will change <application>screen</application> back to the defaults, which does not include the information menu at the bottom."
10249
6561
msgstr ""
10250
6562
10251
6563
#: serverguide/C/other-apps.xml:351(para)
10252
msgid ""
10253
"Using the <emphasis>\"Install screen by default at login\"</emphasis> option "
10254
"will cause screen to be executed any time a terminal is opened. Changes made "
10255
"to <application>screen</application> are on a per user basis, and will not "
10256
"affect other users on the system."
6564
msgid "Using the <emphasis>\"Install screen by default at login\"</emphasis> option will cause screen to be executed any time a terminal is opened. Changes made to <application>screen</application> are on a per user basis, and will not affect other users on the system."
10257
6565
msgstr ""
10258
6566
10259
6567
#: serverguide/C/other-apps.xml:356(para)
10260
msgid ""
10261
"One difference when using screen is the <emphasis>scrollback</emphasis> "
10262
"mode. If you are using one of the Ubuntu profiles press the "
10263
"<emphasis>F7</emphasis>, or <emphasis>Ctrl+a+[</emphasis> if not, to enter "
10264
"scrollback mode. Scrollback mode allows you to navigate past output using "
10265
"<emphasis>vi</emphasis> like commands. Here is a quick list of movement "
10266
"commands:"
6568
msgid "One difference when using screen is the <emphasis>scrollback</emphasis> mode. If you are using one of the Ubuntu profiles press the <emphasis>F7</emphasis>, or <emphasis>Ctrl+a+[</emphasis> if not, to enter scrollback mode. Scrollback mode allows you to navigate past output using <emphasis>vi</emphasis> like commands. Here is a quick list of movement commands:"
10267
6569
msgstr ""
10268
6570
10269
6571
#: serverguide/C/other-apps.xml:363(para)
10291
6593
msgstr ""
10292
6594
10293
6595
#: serverguide/C/other-apps.xml:369(para)
10294
msgid ""
10295
"<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of "
10296
"the buffer)"
6596
msgid "<emphasis>G</emphasis> - Moves to the specified line (defaults to the end of the buffer)"
10297
6597
msgstr ""
10298
6598
10299
6599
#: serverguide/C/other-apps.xml:370(para)
10321
6621
msgstr ""
10322
6622
10323
6623
#: serverguide/C/other-apps.xml:376(para)
10324
msgid ""
10325
"<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
6624
msgid "<emphasis>n</emphasis> - Moves to the next match, either forward or backword"
10326
6625
msgstr ""
10327
6626
10328
6627
#: serverguide/C/other-apps.xml:385(para)
10329
msgid ""
10330
"See the <ulink "
10331
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/update-"
10332
"motd.1.html\">update-motd man page</ulink> for more options available to "
10333
"<application>update-motd</application>."
6628
msgid "See the <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man1/update-motd.1.html\">update-motd man page</ulink> for more options available to <application>update-motd</application>."
10334
6629
msgstr ""
10335
6630
10336
6631
#: serverguide/C/other-apps.xml:391(para)
10337
msgid ""
10338
"The Debian Package of the Day <ulink "
10339
"url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-"
10340
"and-forecasts-on-the-command-line/\">weather</ulink> article has more "
10341
"details about using the <application>weather</application>utility."
6632
msgid "The Debian Package of the Day <ulink url=\"http://debaday.debian.net/2007/10/04/weather-check-weather-conditions-and-forecasts-on-the-command-line/\">weather</ulink> article has more details about using the <application>weather</application>utility."
10342
6633
msgstr ""
10343
6634
10344
6635
#: serverguide/C/other-apps.xml:398(para)
10345
msgid ""
10346
"See the <ulink "
10347
"url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for "
10348
"more details on using <application>etckeeper</application>."
6636
msgid "See the <ulink url=\"http://kitenet.net/~joey/code/etckeeper/\">etckeeper</ulink> site for more details on using <application>etckeeper</application>."
10349
6637
msgstr ""
10350
6638
10351
6639
#: serverguide/C/other-apps.xml:404(para)
10352
msgid ""
10353
"For the latest news and information about <application>bzr</application> see "
10354
"the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
6640
msgid "For the latest news and information about <application>bzr</application> see the <ulink url=\"http://bazaar-vcs.org/\">bzr</ulink> web site."
10355
6641
msgstr ""
10356
6642
10357
6643
#: serverguide/C/other-apps.xml:409(para)
10358
msgid ""
10359
"For more information on <application>screen</application> see the <ulink "
10360
"url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
6644
msgid "For more information on <application>screen</application> see the <ulink url=\"http://www.gnu.org/software/screen/\">screen web site</ulink>."
10361
6645
msgstr ""
10362
6646
10363
6647
#: serverguide/C/other-apps.xml:414(para)
10364
msgid ""
10365
"Also, see the <application>screen-profiles</application><ulink "
10366
"url=\"https://launchpad.net/screen-profiles\">project page</ulink> for more "
10367
"information."
6648
msgid "Also, see the <application>screen-profiles</application><ulink url=\"https://launchpad.net/screen-profiles\">project page</ulink> for more information."
10368
6649
msgstr ""
10369
6650
10370
6651
#: serverguide/C/network-config.xml:13(title)
10372
6653
msgstr ""
10373
6654
10374
6655
#: serverguide/C/network-config.xml:14(para)
10375
msgid ""
10376
"Networks consist of two or more devices, such as computer systems, printers, "
10377
"and related equipment which are connected by either physical cabling or "
10378
"wireless links for the purpose of sharing and distributing information among "
10379
"the connected devices."
6656
msgid "Networks consist of two or more devices, such as computer systems, printers, and related equipment which are connected by either physical cabling or wireless links for the purpose of sharing and distributing information among the connected devices."
10380
6657
msgstr ""
10381
6658
10382
6659
#: serverguide/C/network-config.xml:20(para)
10383
msgid ""
10384
"This section provides general and specific information pertaining to "
10385
"networking, including an overview of network concepts and detailed "
10386
"discussion of popular network protocols."
6660
msgid "This section provides general and specific information pertaining to networking, including an overview of network concepts and detailed discussion of popular network protocols."
10387
6661
msgstr ""
10388
6662
10389
6663
#: serverguide/C/network-config.xml:26(title)
10391
6665
msgstr ""
10392
6666
10393
6667
#: serverguide/C/network-config.xml:27(para)
10394
msgid ""
10395
"Ubuntu ships with a number of graphical utilities to configure your network "
10396
"devices. This document is geared toward server administrators and will focus "
10397
"on managing your network on the command line."
6668
msgid "Ubuntu ships with a number of graphical utilities to configure your network devices. This document is geared toward server administrators and will focus on managing your network on the command line."
10398
6669
msgstr ""
10399
6670
10400
6671
#: serverguide/C/network-config.xml:33(title)
10402
6673
msgstr ""
10403
6674
10404
6675
#: serverguide/C/network-config.xml:34(para)
10405
msgid ""
10406
"Most Ethernet configuration is centralized in a single file, "
10407
"<filename>/etc/network/interfaces</filename>. If you have no Ethernet "
10408
"devices, only the loopback interface will appear in this file, and it will "
10409
"look something like this:"
6676
msgid "Most Ethernet configuration is centralized in a single file, <filename>/etc/network/interfaces</filename>. If you have no Ethernet devices, only the loopback interface will appear in this file, and it will look something like this:"
10410
6677
msgstr ""
10411
6678
10412
6679
#: serverguide/C/network-config.xml:40(programlisting)
10413
6680
#, no-wrap
10414
msgid ""
10415
"\n"
10416
"# This file describes the network interfaces available on your system\n"
10417
"# and how to activate them. For more information, see interfaces(5).\n"
10418
"\n"
10419
"# The loopback network interface\n"
10420
"auto lo\n"
10421
"iface lo inet loopback\n"
10422
"address 127.0.0.1\n"
10423
"netmask 255.0.0.0\n"
6681
msgid "\n# This file describes the network interfaces available on your system\n# and how to activate them. For more information, see interfaces(5).\n\n# The loopback network interface\nauto lo\niface lo inet loopback\naddress 127.0.0.1\nnetmask 255.0.0.0\n"
10424
6682
msgstr ""
10425
6683
10426
6684
#: serverguide/C/network-config.xml:50(para)
10427
msgid ""
10428
"If you have only one Ethernet device, eth0, and it gets its configuration "
10429
"from a DHCP server, and it should come up automatically at boot, only two "
10430
"additional lines are required:"
6685
msgid "If you have only one Ethernet device, eth0, and it gets its configuration from a DHCP server, and it should come up automatically at boot, only two additional lines are required:"
10431
6686
msgstr ""
10432
6687
10433
6688
#: serverguide/C/network-config.xml:55(programlisting)
10434
6689
#, no-wrap
10435
msgid ""
10436
"\n"
10437
"auto eth0\n"
10438
"iface eth0 inet dhcp\n"
6690
msgid "\nauto eth0\niface eth0 inet dhcp\n"
10439
6691
msgstr ""
10440
6692
10441
6693
#: serverguide/C/network-config.xml:59(para)
10442
msgid ""
10443
"The first line specifies that the eth0 device should come up automatically "
10444
"when you boot. The second line means that interface (<quote>iface</quote>) "
10445
"eth0 should have an IPv4 address space (replace <quote>inet</quote> with "
10446
"<quote>inet6</quote> for an IPv6 device) and that it should get its "
10447
"configuration automatically from DHCP. Assuming your network and DHCP server "
10448
"are properly configured, this machine's network should need no further "
10449
"configuration to operate properly. The DHCP server will provide the default "
10450
"gateway (implemented via the <application>route</application> command), the "
10451
"device's IP address (implemented via the <application>ifconfig</application> "
10452
"command), and DNS servers used on the network (implemented in the "
10453
"<filename>/etc/resolv.conf</filename> file.)"
6694
msgid "The first line specifies that the eth0 device should come up automatically when you boot. The second line means that interface (<quote>iface</quote>) eth0 should have an IPv4 address space (replace <quote>inet</quote> with <quote>inet6</quote> for an IPv6 device) and that it should get its configuration automatically from DHCP. Assuming your network and DHCP server are properly configured, this machine's network should need no further configuration to operate properly. The DHCP server will provide the default gateway (implemented via the <application>route</application> command), the device's IP address (implemented via the <application>ifconfig</application> command), and DNS servers used on the network (implemented in the <filename>/etc/resolv.conf</filename> file.)"
10454
6695
msgstr ""
10455
6696
10456
6697
#: serverguide/C/network-config.xml:72(para)
10457
msgid ""
10458
"To configure your Ethernet device with a static IP address and custom "
10459
"configuration, some more information will be required. Suppose you want to "
10460
"assign the IP address 192.168.0.2 to the device eth1, with the typical "
10461
"netmask of 255.255.255.0. Your default gateway's IP address is 192.168.0.1. "
10462
"You would enter something like this into "
10463
"<filename>/etc/network/interfaces</filename>:"
6698
msgid "To configure your Ethernet device with a static IP address and custom configuration, some more information will be required. Suppose you want to assign the IP address 192.168.0.2 to the device eth1, with the typical netmask of 255.255.255.0. Your default gateway's IP address is 192.168.0.1. You would enter something like this into <filename>/etc/network/interfaces</filename>:"
10464
6699
msgstr ""
10465
6700
10466
6701
#: serverguide/C/network-config.xml:79(programlisting)
10467
6702
#, no-wrap
10468
msgid ""
10469
"\n"
10470
"iface eth1 inet static\n"
10471
"\taddress 192.168.0.2\n"
10472
"\tnetmask 255.255.255.0\n"
10473
"\tgateway 192.168.0.1\n"
10474
msgstr ""
10475
10476
#: serverguide/C/network-config.xml:85(para)
10477
msgid ""
10478
"In this case, you will need to specify your DNS servers manually in "
10479
"<filename>/etc/resolv.conf</filename>, which should look something like this:"
10480
msgstr ""
10481
10482
#: serverguide/C/network-config.xml:89(programlisting)
6703
msgid "\nauto eth1\niface eth1 inet static\n\taddress 192.168.0.2\n\tnetmask 255.255.255.0\n\tgateway 192.168.0.1\n"
6704
msgstr ""
6705
6706
#: serverguide/C/network-config.xml:86(para)
6707
msgid "In this case, you will need to specify your DNS servers manually in <filename>/etc/resolv.conf</filename>, which should look something like this:"
6708
msgstr ""
6709
6710
#: serverguide/C/network-config.xml:90(programlisting)
10483
6711
#, no-wrap
10484
msgid ""
10485
"\n"
10486
"search mydomain.example\n"
10487
"nameserver 192.168.0.1\n"
10488
"nameserver 4.2.2.2\n"
10489
msgstr ""
10490
10491
#: serverguide/C/network-config.xml:94(para)
10492
msgid ""
10493
"The <emphasis role=\"italics\">search</emphasis> directive will append "
10494
"mydomain.example to hostname queries in an attempt to resolve names to your "
10495
"network. For example, if your network's domain is mydomain.example and you "
10496
"try to ping the host <quote>mybox</quote>, the DNS query will be modified to "
10497
"<quote>mybox.mydomain.example</quote> for resolution. The <emphasis "
10498
"role=\"italics\">nameserver</emphasis> directives specify DNS servers to be "
10499
"used to resolve hostnames to IP addresses. If you use your own nameserver, "
10500
"enter it here. Otherwise, ask your Internet Service Provider for the primary "
10501
"and secondary DNS servers to use, and enter them into "
10502
"<filename>/etc/resolv.conf</filename> as shown above."
10503
msgstr ""
10504
10505
#: serverguide/C/network-config.xml:106(para)
10506
msgid ""
10507
"Many more configurations are possible, including dialup PPP interfaces, IPv6 "
10508
"networking, VPN devices, etc. Refer to <application>man 5 "
10509
"interfaces</application> for more information and supported options. "
10510
"Remember that <filename>/etc/network/interfaces</filename> is used by the "
10511
"<application>ifup</application>/<application>ifdown</application> scripts as "
10512
"a higher level configuration scheme than may be used in some other Linux "
10513
"distributions, and that the traditional, lower level utilities such as "
10514
"<application>ifconfig</application>, <application>route</application>, and "
10515
"<application>dhclient</application> are still available to you for ad hoc "
10516
"configurations."
10517
msgstr ""
10518
10519
#: serverguide/C/network-config.xml:120(title)
6712
msgid "\nsearch mydomain.example\nnameserver 192.168.0.1\nnameserver 4.2.2.2\n"
6713
msgstr ""
6714
6715
#: serverguide/C/network-config.xml:95(para)
6716
msgid "The <emphasis role=\"italics\">search</emphasis> directive will append mydomain.example to hostname queries in an attempt to resolve names to your network. For example, if your network's domain is mydomain.example and you try to ping the host <quote>mybox</quote>, the DNS query will be modified to <quote>mybox.mydomain.example</quote> for resolution. The <emphasis role=\"italics\">nameserver</emphasis> directives specify DNS servers to be used to resolve hostnames to IP addresses. If you use your own nameserver, enter it here. Otherwise, ask your Internet Service Provider for the primary and secondary DNS servers to use, and enter them into <filename>/etc/resolv.conf</filename> as shown above."
6717
msgstr ""
6718
6719
#: serverguide/C/network-config.xml:107(para)
6720
msgid "Many more configurations are possible, including dialup PPP interfaces, IPv6 networking, VPN devices, etc. Refer to <application>man 5 interfaces</application> for more information and supported options. Remember that <filename>/etc/network/interfaces</filename> is used by the <application>ifup</application>/<application>ifdown</application> scripts as a higher level configuration scheme than may be used in some other Linux distributions, and that the traditional, lower level utilities such as <application>ifconfig</application>, <application>route</application>, and <application>dhclient</application> are still available to you for ad hoc configurations."
6721
msgstr ""
6722
6723
#: serverguide/C/network-config.xml:121(title)
10520
6724
msgid "Managing DNS Entries"
10521
6725
msgstr ""
10522
6726
10523
#: serverguide/C/network-config.xml:121(para)
10524
msgid ""
10525
"This section explains how to configure which nameserver to use when "
10526
"resolving IP addresses to hostnames and vice versa. It does not explain how "
10527
"to configure the system as a name server."
10528
msgstr ""
10529
10530
#: serverguide/C/network-config.xml:126(para)
10531
msgid ""
10532
"To manage DNS entries, you can add, edit, or remove DNS names from the "
10533
"<filename>/etc/resolv.conf</filename> file. A sample file is given below:"
10534
msgstr ""
10535
10536
#: serverguide/C/network-config.xml:130(programlisting)
6727
#: serverguide/C/network-config.xml:122(para)
6728
msgid "This section explains how to configure which nameserver to use when resolving IP addresses to hostnames and vice versa. It does not explain how to configure the system as a name server."
6729
msgstr ""
6730
6731
#: serverguide/C/network-config.xml:127(para)
6732
msgid "To manage DNS entries, you can add, edit, or remove DNS names from the <filename>/etc/resolv.conf</filename> file. A sample file is given below:"
6733
msgstr ""
6734
6735
#: serverguide/C/network-config.xml:131(programlisting)
10537
6736
#, no-wrap
10538
msgid ""
10539
"\n"
10540
"search com\n"
10541
"nameserver 204.11.126.131\n"
10542
"nameserver 64.125.134.133\n"
10543
"nameserver 64.125.134.132\n"
10544
"nameserver 208.185.179.218\n"
10545
msgstr ""
10546
10547
#: serverguide/C/network-config.xml:138(para)
10548
msgid ""
10549
"The <application>search</application> key specifies the string which will be "
10550
"appended to an incomplete hostname. Here, we have configured it to "
10551
"<application>com</application>. So, when we run: <command>ping "
10552
"ubuntu</command> it would be interpreted as <command>ping "
10553
"ubuntu.com</command>."
10554
msgstr ""
10555
10556
#: serverguide/C/network-config.xml:146(para)
10557
msgid ""
10558
"The <application>nameserver</application> key specifies the nameserver IP "
10559
"address. It will be used to resolve a given IP address or hostname. This "
10560
"file can have multiple nameserver entries. The nameservers will be used by "
10561
"the network query in the same order."
10562
msgstr ""
10563
10564
#: serverguide/C/network-config.xml:155(para)
10565
msgid ""
10566
"If the DNS server names are retrieved dynamically from DHCP or PPPoE "
10567
"(retrieved from your ISP), do not add nameserver entries in this file. It "
10568
"will be overwritten."
10569
msgstr ""
10570
10571
#: serverguide/C/network-config.xml:164(title)
6737
msgid "\nsearch com\nnameserver 204.11.126.131\nnameserver 64.125.134.133\nnameserver 64.125.134.132\nnameserver 208.185.179.218\n"
6738
msgstr ""
6739
6740
#: serverguide/C/network-config.xml:139(para)
6741
msgid "The <application>search</application> key specifies the string which will be appended to an incomplete hostname. Here, we have configured it to <application>com</application>. So, when we run: <command>ping ubuntu</command> it would be interpreted as <command>ping ubuntu.com</command>."
6742
msgstr ""
6743
6744
#: serverguide/C/network-config.xml:147(para)
6745
msgid "The <application>nameserver</application> key specifies the nameserver IP address. It will be used to resolve a given IP address or hostname. This file can have multiple nameserver entries. The nameservers will be used by the network query in the same order."
6746
msgstr ""
6747
6748
#: serverguide/C/network-config.xml:156(para)
6749
msgid "If the DNS server names are retrieved dynamically from DHCP or PPPoE (retrieved from your ISP), do not add nameserver entries in this file. It will be overwritten."
6750
msgstr ""
6751
6752
#: serverguide/C/network-config.xml:165(title)
10572
6753
msgid "Managing Hosts"
10573
6754
msgstr ""
10574
6755
10575
#: serverguide/C/network-config.xml:165(para)
10576
msgid ""
10577
"To manage hosts, you can add, edit, or remove hosts from "
10578
"<filename>/etc/hosts</filename> file. The file contains IP addresses and "
10579
"their corresponding hostnames. When your system tries to resolve a hostname "
10580
"to an IP address or determine the hostname for an IP address, it refers to "
10581
"the <filename>/etc/hosts</filename> file before using the name servers. If "
10582
"the IP address is listed in the <filename>/etc/hosts</filename> file, the "
10583
"name servers are not used. This behavior can be modified by editing "
10584
"<filename>/etc/nsswitch.conf</filename> at your peril."
10585
msgstr ""
10586
10587
#: serverguide/C/network-config.xml:178(para)
10588
msgid ""
10589
"If your network contains computers whose IP addresses are not listed in DNS, "
10590
"it is recommended that you add them to the <filename>/etc/hosts</filename> "
10591
"file."
10592
msgstr ""
10593
10594
#: serverguide/C/network-config.xml:186(title)
6756
#: serverguide/C/network-config.xml:166(para)
6757
msgid "To manage hosts, you can add, edit, or remove hosts from <filename>/etc/hosts</filename> file. The file contains IP addresses and their corresponding hostnames. When your system tries to resolve a hostname to an IP address or determine the hostname for an IP address, it refers to the <filename>/etc/hosts</filename> file before using the name servers. If the IP address is listed in the <filename>/etc/hosts</filename> file, the name servers are not used. This behavior can be modified by editing <filename>/etc/nsswitch.conf</filename> at your peril."
6758
msgstr ""
6759
6760
#: serverguide/C/network-config.xml:179(para)
6761
msgid "If your network contains computers whose IP addresses are not listed in DNS, it is recommended that you add them to the <filename>/etc/hosts</filename> file."
6762
msgstr ""
6763
6764
#: serverguide/C/network-config.xml:187(title)
10595
6765
msgid "Bridging"
10596
6766
msgstr ""
10597
6767
10598
#: serverguide/C/network-config.xml:188(para)
10599
msgid ""
10600
"Bridging multiple interfaces is a more advanced configuration, but is very "
10601
"useful in multiple scenarios. One scenario is setting up a bridge with "
10602
"multiple network interfaces, then using a firewall to filter traffic between "
10603
"two network segments. Another scenario is using bridge on a system with one "
10604
"interface to allow virtual machines direct access to the outside network. "
10605
"The following example covers the latter scenario."
10606
msgstr ""
10607
10608
#: serverguide/C/network-config.xml:195(para)
10609
msgid ""
10610
"Before configuring a bridge you will need to install the <application>bridge-"
10611
"utils</application> package. To install the package, in a terminal enter:"
10612
msgstr ""
10613
10614
#: serverguide/C/network-config.xml:201(command)
6768
#: serverguide/C/network-config.xml:189(para)
6769
msgid "Bridging multiple interfaces is a more advanced configuration, but is very useful in multiple scenarios. One scenario is setting up a bridge with multiple network interfaces, then using a firewall to filter traffic between two network segments. Another scenario is using bridge on a system with one interface to allow virtual machines direct access to the outside network. The following example covers the latter scenario."
6770
msgstr ""
6771
6772
#: serverguide/C/network-config.xml:196(para)
6773
msgid "Before configuring a bridge you will need to install the <application>bridge-utils</application> package. To install the package, in a terminal enter:"
6774
msgstr ""
6775
6776
#: serverguide/C/network-config.xml:202(command)
10615
6777
msgid "sudo apt-get install bridge-utils"
10616
6778
msgstr ""
10617
6779
10618
#: serverguide/C/network-config.xml:204(para)
10619
msgid ""
10620
"Next, configure the bridge by editing "
10621
"<filename>/etc/network/interfaces</filename>:"
6780
#: serverguide/C/network-config.xml:205(para)
6781
msgid "Next, configure the bridge by editing <filename>/etc/network/interfaces</filename>:"
10622
6782
msgstr ""
10623
6783
10624
#: serverguide/C/network-config.xml:208(programlisting)
6784
#: serverguide/C/network-config.xml:209(programlisting)
10625
6785
#, no-wrap
10626
msgid ""
10627
"\n"
10628
"auto lo\n"
10629
"iface lo inet loopback\n"
10630
"\n"
10631
"auto br0\n"
10632
"iface br0 inet static\n"
10633
" address 192.168.0.10\n"
10634
" network 192.168.0.0\n"
10635
" netmask 255.255.255.0\n"
10636
" broadcast 192.168.0.255\n"
10637
" gateway 192.168.0.1\n"
10638
" bridge_ports eth0\n"
10639
" bridge_fd 9\n"
10640
" bridge_hello 2\n"
10641
" bridge_maxage 12\n"
10642
" bridge_stp off\n"
6786
msgid "\nauto lo\niface lo inet loopback\n\nauto br0\niface br0 inet static\n address 192.168.0.10\n network 192.168.0.0\n netmask 255.255.255.0\n broadcast 192.168.0.255\n gateway 192.168.0.1\n bridge_ports eth0\n bridge_fd 9\n bridge_hello 2\n bridge_maxage 12\n bridge_stp off\n"
10643
6787
msgstr ""
10644
6788
10645
#: serverguide/C/network-config.xml:227(para)
6789
#: serverguide/C/network-config.xml:228(para)
10646
6790
msgid "Enter the appropriate values for your physical interface and network."
10647
6791
msgstr ""
10648
6792
10649
#: serverguide/C/network-config.xml:232(para)
6793
#: serverguide/C/network-config.xml:233(para)
10650
6794
msgid "Now restart networking to enable the bridge interface:"
10651
6795
msgstr ""
10652
6796
10653
#: serverguide/C/network-config.xml:239(para)
10654
msgid ""
10655
"The new bridge interface should now be up and running. The "
10656
"<application>brctl</application> provides useful information about the state "
10657
"of the bridge, controls which interfaces are part of the bridge, etc. See "
10658
"<command>man brctl</command> for more information."
10659
msgstr ""
10660
10661
#: serverguide/C/network-config.xml:255(para)
10662
msgid ""
10663
"The <ulink "
10664
"url=\"http://manpages.ubuntu.com/manpages/karmic/en/man5/interfaces.5.html\">"
10665
"interfaces man page</ulink> has details on more options for "
10666
"<filename>/etc/network/interfaces</filename>."
10667
msgstr ""
10668
10669
#: serverguide/C/network-config.xml:261(para)
10670
msgid ""
10671
"For more information on DNS client configuration see the <ulink "
10672
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/resolver.5.html\">re"
10673
"solver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink "
10674
"url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network "
10675
"Administrator's Guide</ulink> is a good source of resolver and name service "
10676
"configuration information."
10677
msgstr ""
10678
10679
#: serverguide/C/network-config.xml:269(para)
10680
msgid ""
10681
"For more information on <emphasis>bridging</emphasis> see the <ulink "
10682
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/brctl.8.html\">brctl"
10683
" man page</ulink> and the Linux Foundation's <ulink "
10684
"url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
10685
msgstr ""
10686
10687
#: serverguide/C/network-config.xml:280(title)
6797
#: serverguide/C/network-config.xml:240(para)
6798
msgid "The new bridge interface should now be up and running. The <application>brctl</application> provides useful information about the state of the bridge, controls which interfaces are part of the bridge, etc. See <command>man brctl</command> for more information."
6799
msgstr ""
6800
6801
#: serverguide/C/network-config.xml:256(para)
6802
msgid "The <ulink url=\"http://manpages.ubuntu.com/manpages/lucid/en/man5/interfaces.5.html\">interfaces man page</ulink> has details on more options for <filename>/etc/network/interfaces</filename>."
6803
msgstr ""
6804
6805
#: serverguide/C/network-config.xml:262(para)
6806
msgid "For more information on DNS client configuration see the <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/resolver.5.html\">resolver man page</ulink>. Also, Chapter 6 of O'Reilly's <ulink url=\"http://oreilly.com/catalog/linag2/book/ch06.html\">Linux Network Administrator's Guide</ulink> is a good source of resolver and name service configuration information."
6807
msgstr ""
6808
6809
#: serverguide/C/network-config.xml:270(para)
6810
msgid "For more information on <emphasis>bridging</emphasis> see the <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/brctl.8.html\">brctl man page</ulink> and the Linux Foundation's <ulink url=\"http://www.linuxfoundation.org/en/Net:Bridge\">Net:Bridge</ulink> page."
6811
msgstr ""
6812
6813
#: serverguide/C/network-config.xml:281(title)
10688
6814
msgid "TCP/IP"
10689
6815
msgstr ""
10690
6816
10691
#: serverguide/C/network-config.xml:281(para)
10692
msgid ""
10693
"The Transmission Control Protocol and Internet Protocol (TCP/IP) is a "
10694
"standard set of protocols developed in the late 1970s by the Defense "
10695
"Advanced Research Projects Agency (DARPA) as a means of communication "
10696
"between different types of computers and computer networks. TCP/IP is the "
10697
"driving force of the Internet, and thus it is the most popular set of "
10698
"network protocols on Earth."
6817
#: serverguide/C/network-config.xml:282(para)
6818
msgid "The Transmission Control Protocol and Internet Protocol (TCP/IP) is a standard set of protocols developed in the late 1970s by the Defense Advanced Research Projects Agency (DARPA) as a means of communication between different types of computers and computer networks. TCP/IP is the driving force of the Internet, and thus it is the most popular set of network protocols on Earth."
10699
6819
msgstr ""
10700
6820
10701
#: serverguide/C/network-config.xml:289(title)
6821
#: serverguide/C/network-config.xml:290(title)
10702
6822
msgid "TCP/IP Introduction"
10703
6823
msgstr ""
10704
6824
10705
#: serverguide/C/network-config.xml:290(para)
10706
msgid ""
10707
"The two protocol components of TCP/IP deal with different aspects of "
10708
"computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of "
10709
"TCP/IP is a connectionless protocol which deals only with network packet "
10710
"routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the "
10711
"basic unit of networking information. The IP Datagram consists of a header "
10712
"followed by a message. The <emphasis> Transmission Control "
10713
"Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to "
10714
"establish connections which may be used to exchange data streams. TCP also "
10715
"guarantees that the data between connections is delivered and that it "
10716
"arrives at one network host in the same order as sent from another network "
10717
"host."
6825
#: serverguide/C/network-config.xml:291(para)
6826
msgid "The two protocol components of TCP/IP deal with different aspects of computer networking. <emphasis>Internet Protocol</emphasis>, the \"IP\" of TCP/IP is a connectionless protocol which deals only with network packet routing using the <emphasis role=\"italics\">IP Datagram</emphasis> as the basic unit of networking information. The IP Datagram consists of a header followed by a message. The <emphasis> Transmission Control Protocol</emphasis> is the \"TCP\" of TCP/IP and enables network hosts to establish connections which may be used to exchange data streams. TCP also guarantees that the data between connections is delivered and that it arrives at one network host in the same order as sent from another network host."
10718
6827
msgstr ""
10719
6828
10720
#: serverguide/C/network-config.xml:303(title)
6829
#: serverguide/C/network-config.xml:304(title)
10721
6830
msgid "TCP/IP Configuration"
10722
6831
msgstr ""
10723
6832
10724
#: serverguide/C/network-config.xml:304(para)
10725
msgid ""
10726
"The TCP/IP protocol configuration consists of several elements which must be "
10727
"set by editing the appropriate configuration files, or deploying solutions "
10728
"such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, "
10729
"can be configured to provide the proper TCP/IP configuration settings to "
10730
"network clients automatically. These configuration values must be set "
10731
"correctly in order to facilitate the proper network operation of your Ubuntu "
10732
"system."
10733
msgstr ""
10734
10735
#: serverguide/C/network-config.xml:316(para)
10736
msgid ""
10737
"<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique "
10738
"identifying string expressed as four decimal numbers ranging from zero (0) "
10739
"to two-hundred and fifty-five (255), separated by periods, with each of the "
10740
"four numbers representing eight (8) bits of the address for a total length "
10741
"of thirty-two (32) bits for the whole address. This format is called "
10742
"<emphasis>dotted quad notation</emphasis>."
10743
msgstr ""
10744
10745
#: serverguide/C/network-config.xml:326(para)
10746
msgid ""
10747
"<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, "
10748
"<emphasis>netmask</emphasis>) is a local bit mask, or set of flags which "
10749
"separate the portions of an IP address significant to the network from the "
10750
"bits significant to the <emphasis>subnetwork</emphasis>. For example, in a "
10751
"Class C network, the standard netmask is 255.255.255.0 which masks the first "
10752
"three bytes of the IP address and allows the last byte of the IP address to "
10753
"remain available for specifying hosts on the subnetwork."
10754
msgstr ""
10755
10756
#: serverguide/C/network-config.xml:337(para)
10757
msgid ""
10758
"<emphasis role=\"bold\">Network Address</emphasis> The Network Address "
10759
"represents the bytes comprising the network portion of an IP address. For "
10760
"example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the "
10761
"network address, where twelve (12) represents the first byte of the IP "
10762
"address, (the network part) and zeroes (0) in all of the remaining three "
10763
"bytes to represent the potential host values. A network host using the "
10764
"private IP address 192.168.1.100 would in turn use a Network Address of "
10765
"192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 "
10766
"network and a zero (0) for all the possible hosts on the network."
10767
msgstr ""
10768
10769
#: serverguide/C/network-config.xml:350(para)
10770
msgid ""
10771
"<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address "
10772
"is an IP address which allows network data to be sent simultaneously to all "
10773
"hosts on a given subnetwork rather than specifying a particular host. The "
10774
"standard general broadcast address for IP networks is 255.255.255.255, but "
10775
"this broadcast address cannot be used to send a broadcast message to every "
10776
"host on the Internet because routers block it. A more appropriate broadcast "
10777
"address is set to match a specific subnetwork. For example, on the private "
10778
"Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. "
10779
"Broadcast messages are typically produced by network protocols such as the "
10780
"Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
10781
msgstr ""
10782
10783
#: serverguide/C/network-config.xml:363(para)
10784
msgid ""
10785
"<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the "
10786
"IP address through which a particular network, or host on a network, may be "
10787
"reached. If one network host wishes to communicate with another network "
10788
"host, and that host is not located on the same network, then a "
10789
"<emphasis>gateway</emphasis> must be used. In many cases, the Gateway "
10790
"Address will be that of a router on the same network, which will in turn "
10791
"pass traffic on to other networks or hosts, such as Internet hosts. The "
10792
"value of the Gateway Address setting must be correct, or your system will "
10793
"not be able to reach any hosts beyond those on the same network."
10794
msgstr ""
10795
10796
#: serverguide/C/network-config.xml:374(para)
10797
msgid ""
10798
"<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses "
10799
"represent the IP addresses of Domain Name Service (DNS) systems, which "
10800
"resolve network hostnames into IP addresses. There are three levels of "
10801
"Nameserver Addresses, which may be specified in order of precedence: The "
10802
"<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> "
10803
"Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for "
10804
"your system to be able to resolve network hostnames into their corresponding "
10805
"IP addresses, you must specify valid Nameserver Addresses which you are "
10806
"authorized to use in your system's TCP/IP configuration. In many cases these "
10807
"addresses can and will be provided by your network service provider, but "
10808
"many free and publicly accessible nameservers are available for use, such as "
10809
"the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
10810
msgstr ""
10811
10812
#: serverguide/C/network-config.xml:388(para)
10813
msgid ""
10814
"The IP address, Netmask, Network Address, Broadcast Address, and Gateway "
10815
"Address are typically specified via the appropriate directives in the file "
10816
"<filename>/etc/network/interfaces</filename>. The Nameserver Addresses are "
10817
"typically specified via <emphasis>nameserver</emphasis> directives in the "
10818
"file <filename>/etc/resolv.conf</filename>. For more information, view the "
10819
"system manual page for <filename>interfaces</filename> or "
10820
"<filename>resolv.conf</filename> respectively, with the following commands "
10821
"typed at a terminal prompt:"
10822
msgstr ""
10823
10824
#: serverguide/C/network-config.xml:395(para)
10825
msgid ""
10826
"Access the system manual page for <filename>interfaces</filename> with the "
10827
"following command:"
10828
msgstr ""
10829
10830
#: serverguide/C/network-config.xml:400(command)
6833
#: serverguide/C/network-config.xml:305(para)
6834
msgid "The TCP/IP protocol configuration consists of several elements which must be set by editing the appropriate configuration files, or deploying solutions such as the Dynamic Host Configuration Protocol (DHCP) server which in turn, can be configured to provide the proper TCP/IP configuration settings to network clients automatically. These configuration values must be set correctly in order to facilitate the proper network operation of your Ubuntu system."
6835
msgstr ""
6836
6837
#: serverguide/C/network-config.xml:317(para)
6838
msgid "<emphasis role=\"bold\">IP address</emphasis> The IP address is a unique identifying string expressed as four decimal numbers ranging from zero (0) to two-hundred and fifty-five (255), separated by periods, with each of the four numbers representing eight (8) bits of the address for a total length of thirty-two (32) bits for the whole address. This format is called <emphasis>dotted quad notation</emphasis>."
6839
msgstr ""
6840
6841
#: serverguide/C/network-config.xml:327(para)
6842
msgid "<emphasis role=\"bold\">Netmask</emphasis> The Subnet Mask (or simply, <emphasis>netmask</emphasis>) is a local bit mask, or set of flags which separate the portions of an IP address significant to the network from the bits significant to the <emphasis>subnetwork</emphasis>. For example, in a Class C network, the standard netmask is 255.255.255.0 which masks the first three bytes of the IP address and allows the last byte of the IP address to remain available for specifying hosts on the subnetwork."
6843
msgstr ""
6844
6845
#: serverguide/C/network-config.xml:338(para)
6846
msgid "<emphasis role=\"bold\">Network Address</emphasis> The Network Address represents the bytes comprising the network portion of an IP address. For example, the host 12.128.1.2 in a Class A network would use 12.0.0.0 as the network address, where twelve (12) represents the first byte of the IP address, (the network part) and zeroes (0) in all of the remaining three bytes to represent the potential host values. A network host using the private IP address 192.168.1.100 would in turn use a Network Address of 192.168.1.0, which specifies the first three bytes of the Class C 192.168.1 network and a zero (0) for all the possible hosts on the network."
6847
msgstr ""
6848
6849
#: serverguide/C/network-config.xml:351(para)
6850
msgid "<emphasis role=\"bold\">Broadcast Address</emphasis> The Broadcast Address is an IP address which allows network data to be sent simultaneously to all hosts on a given subnetwork rather than specifying a particular host. The standard general broadcast address for IP networks is 255.255.255.255, but this broadcast address cannot be used to send a broadcast message to every host on the Internet because routers block it. A more appropriate broadcast address is set to match a specific subnetwork. For example, on the private Class C IP network, 192.168.1.0, the broadcast address is 192.168.1.255. Broadcast messages are typically produced by network protocols such as the Address Resolution Protocol (ARP) and the Routing Information Protocol (RIP)."
6851
msgstr ""
6852
6853
#: serverguide/C/network-config.xml:364(para)
6854
msgid "<emphasis role=\"bold\">Gateway Address</emphasis> A Gateway Address is the IP address through which a particular network, or host on a network, may be reached. If one network host wishes to communicate with another network host, and that host is not located on the same network, then a <emphasis>gateway</emphasis> must be used. In many cases, the Gateway Address will be that of a router on the same network, which will in turn pass traffic on to other networks or hosts, such as Internet hosts. The value of the Gateway Address setting must be correct, or your system will not be able to reach any hosts beyond those on the same network."
6855
msgstr ""
6856
6857
#: serverguide/C/network-config.xml:375(para)
6858
msgid "<emphasis role=\"bold\">Nameserver Address</emphasis> Nameserver Addresses represent the IP addresses of Domain Name Service (DNS) systems, which resolve network hostnames into IP addresses. There are three levels of Nameserver Addresses, which may be specified in order of precedence: The <emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> Nameserver, and the <emphasis>Tertiary</emphasis> Nameserver. In order for your system to be able to resolve network hostnames into their corresponding IP addresses, you must specify valid Nameserver Addresses which you are authorized to use in your system's TCP/IP configuration. In many cases these addresses can and will be provided by your network service provider, but many free and publicly accessible nameservers are available for use, such as the Level3 (Verizon) servers with IP addresses from 4.2.2.1 to 4.2.2.6."
6859
msgstr ""
6860
6861
#: serverguide/C/network-config.xml:389(para)
6862
msgid "The IP address, Netmask, Network Address, Broadcast Address, and Gateway Address are typically specified via the appropriate directives in the file <filename>/etc/network/interfaces</filename>. The Nameserver Addresses are typically specified via <emphasis>nameserver</emphasis> directives in the file <filename>/etc/resolv.conf</filename>. For more information, view the system manual page for <filename>interfaces</filename> or <filename>resolv.conf</filename> respectively, with the following commands typed at a terminal prompt:"
6863
msgstr ""
6864
6865
#: serverguide/C/network-config.xml:396(para)
6866
msgid "Access the system manual page for <filename>interfaces</filename> with the following command:"
6867
msgstr ""
6868
6869
#: serverguide/C/network-config.xml:401(command)
10831
6870
msgid "man interfaces"
10832
6871
msgstr ""
10833
6872
10834
#: serverguide/C/network-config.xml:403(para)
10835
msgid ""
10836
"Access the system manual page for <filename>resolv.conf</filename> with the "
10837
"following command:"
6873
#: serverguide/C/network-config.xml:404(para)
6874
msgid "Access the system manual page for <filename>resolv.conf</filename> with the following command:"
10838
6875
msgstr ""
10839
6876
10840
#: serverguide/C/network-config.xml:407(command)
6877
#: serverguide/C/network-config.xml:408(command)
10841
6878
msgid "man resolv.conf"
10842
6879
msgstr ""
10843
6880
10844
#: serverguide/C/network-config.xml:312(para)
10845
msgid ""
10846
"The common configuration elements of TCP/IP and their purposes are as "
10847
"follows: <placeholder-1/>"
6881
#: serverguide/C/network-config.xml:313(para)
6882
msgid "The common configuration elements of TCP/IP and their purposes are as follows: <placeholder-1/>"
10848
6883
msgstr ""
10849
6884
10850
#: serverguide/C/network-config.xml:414(title)
6885
#: serverguide/C/network-config.xml:415(title)
10851
6886
msgid "IP Routing"
10852
6887
msgstr ""
10853
6888
10854
#: serverguide/C/network-config.xml:415(para)
10855
msgid ""
10856
"IP routing is a means of specifying and discovering paths in a TCP/IP "
10857
"network along which network data may be sent. Routing uses a set of "
10858
"<emphasis>routing tables</emphasis> to direct the forwarding of network data "
10859
"packets from their source to the destination, often via many intermediary "
10860
"network nodes known as <emphasis>routers</emphasis>. There are two primary "
10861
"forms of IP routing: <emphasis>Static Routing</emphasis> and "
10862
"<emphasis>Dynamic Routing.</emphasis>"
10863
msgstr ""
10864
10865
#: serverguide/C/network-config.xml:424(para)
10866
msgid ""
10867
"Static routing involves manually adding IP routes to the system's routing "
10868
"table, and this is usually done by manipulating the routing table with the "
10869
"<application>route</application> command. Static routing enjoys many "
10870
"advantages over dynamic routing, such as simplicity of implementation on "
10871
"smaller networks, predictability (the routing table is always computed in "
10872
"advance, and thus the route is precisely the same each time it is used), and "
10873
"low overhead on other routers and network links due to the lack of a dynamic "
10874
"routing protocol. However, static routing does present some disadvantages as "
10875
"well. For example, static routing is limited to small networks and does not "
10876
"scale well. Static routing also fails completely to adapt to network outages "
10877
"and failures along the route due to the fixed nature of the route."
10878
msgstr ""
10879
10880
#: serverguide/C/network-config.xml:434(para)
10881
msgid ""
10882
"Dynamic routing depends on large networks with multiple possible IP routes "
10883
"from a source to a destination and makes use of special routing protocols, "
10884
"such as the Router Information Protocol (RIP), which handle the automatic "
10885
"adjustments in routing tables that make dynamic routing possible. Dynamic "
10886
"routing has several advantages over static routing, such as superior "
10887
"scalability and the ability to adapt to failures and outages along network "
10888
"routes. Additionally, there is less manual configuration of the routing "
10889
"tables, since routers learn from one another about their existence and "
10890
"available routes. This trait also eliminates the possibility of introducing "
10891
"mistakes in the routing tables via human error. Dynamic routing is not "
10892
"perfect, however, and presents disadvantages such as heightened complexity "
10893
"and additional network overhead from router communications, which does not "
10894
"immediately benefit the end users, but still consumes network bandwidth."
10895
msgstr ""
10896
10897
#: serverguide/C/network-config.xml:448(title)
6889
#: serverguide/C/network-config.xml:416(para)
6890
msgid "IP routing is a means of specifying and discovering paths in a TCP/IP network along which network data may be sent. Routing uses a set of <emphasis>routing tables</emphasis> to direct the forwarding of network data packets from their source to the destination, often via many intermediary network nodes known as <emphasis>routers</emphasis>. There are two primary forms of IP routing: <emphasis>Static Routing</emphasis> and <emphasis>Dynamic Routing.</emphasis>"
6891
msgstr ""
6892
6893
#: serverguide/C/network-config.xml:425(para)
6894
msgid "Static routing involves manually adding IP routes to the system's routing table, and this is usually done by manipulating the routing table with the <application>route</application> command. Static routing enjoys many advantages over dynamic routing, such as simplicity of implementation on smaller networks, predictability (the routing table is always computed in advance, and thus the route is precisely the same each time it is used), and low overhead on other routers and network links due to the lack of a dynamic routing protocol. However, static routing does present some disadvantages as well. For example, static routing is limited to small networks and does not scale well. Static routing also fails completely to adapt to network outages and failures along the route due to the fixed nature of the route."
6895
msgstr ""
6896
6897
#: serverguide/C/network-config.xml:435(para)
6898
msgid "Dynamic routing depends on large networks with multiple possible IP routes from a source to a destination and makes use of special routing protocols, such as the Router Information Protocol (RIP), which handle the automatic adjustments in routing tables that make dynamic routing possible. Dynamic routing has several advantages over static routing, such as superior scalability and the ability to adapt to failures and outages along network routes. Additionally, there is less manual configuration of the routing tables, since routers learn from one another about their existence and available routes. This trait also eliminates the possibility of introducing mistakes in the routing tables via human error. Dynamic routing is not perfect, however, and presents disadvantages such as heightened complexity and additional network overhead from router communications, which does not immediately benefit the end users, but still consumes network bandwidth."
6899
msgstr ""
6900
6901
#: serverguide/C/network-config.xml:449(title)
10898
6902
msgid "TCP and UDP"
10899
6903
msgstr ""
10900
6904
10901
#: serverguide/C/network-config.xml:449(para)
10902
msgid ""
10903
"TCP is a connection-based protocol, offering error correction and guaranteed "
10904
"delivery of data via what is known as <emphasis>flow control</emphasis>. "
10905
"Flow control determines when the flow of a data stream needs to be stopped, "
10906
"and previously sent data packets should to be re-sent due to problems such "
10907
"as <emphasis>collisions</emphasis>, for example, thus ensuring complete and "
10908
"accurate delivery of the data. TCP is typically used in the exchange of "
10909
"important information such as database transactions."
10910
msgstr ""
10911
10912
#: serverguide/C/network-config.xml:457(para)
10913
msgid ""
10914
"The User Datagram Protocol (UDP), on the other hand, is a "
10915
"<emphasis>connectionless</emphasis> protocol which seldom deals with the "
10916
"transmission of important data because it lacks flow control or any other "
10917
"method to ensure reliable delivery of the data. UDP is commonly used in such "
10918
"applications as audio and video streaming, where it is considerably faster "
10919
"than TCP due to the lack of error correction and flow control, and where the "
10920
"loss of a few packets is not generally catastrophic."
10921
msgstr ""
10922
10923
#: serverguide/C/network-config.xml:467(title)
6905
#: serverguide/C/network-config.xml:450(para)
6906
msgid "TCP is a connection-based protocol, offering error correction and guaranteed delivery of data via what is known as <emphasis>flow control</emphasis>. Flow control determines when the flow of a data stream needs to be stopped, and previously sent data packets should to be re-sent due to problems such as <emphasis>collisions</emphasis>, for example, thus ensuring complete and accurate delivery of the data. TCP is typically used in the exchange of important information such as database transactions."
6907
msgstr ""
6908
6909
#: serverguide/C/network-config.xml:458(para)
6910
msgid "The User Datagram Protocol (UDP), on the other hand, is a <emphasis>connectionless</emphasis> protocol which seldom deals with the transmission of important data because it lacks flow control or any other method to ensure reliable delivery of the data. UDP is commonly used in such applications as audio and video streaming, where it is considerably faster than TCP due to the lack of error correction and flow control, and where the loss of a few packets is not generally catastrophic."
6911
msgstr ""
6912
6913
#: serverguide/C/network-config.xml:468(title)
10924
6914
msgid "ICMP"
10925
6915
msgstr ""
10926
6916
10927
#: serverguide/C/network-config.xml:468(para)
10928
msgid ""
10929
"The Internet Control Messaging Protocol (ICMP) is an extension to the "
10930
"Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and "
10931
"supports network packets containing control, error, and informational "
10932
"messages. ICMP is used by such network applications as the "
10933
"<application>ping</application> utility, which can determine the "
10934
"availability of a network host or device. Examples of some error messages "
10935
"returned by ICMP which are useful to both network hosts and devices such as "
10936
"routers, include <emphasis>Destination Unreachable</emphasis> and "
10937
"<emphasis>Time Exceeded</emphasis>."
6917
#: serverguide/C/network-config.xml:469(para)
6918
msgid "The Internet Control Messaging Protocol (ICMP) is an extension to the Internet Protocol (IP) as defined in the Request For Comments (RFC) #792 and supports network packets containing control, error, and informational messages. ICMP is used by such network applications as the <application>ping</application> utility, which can determine the availability of a network host or device. Examples of some error messages returned by ICMP which are useful to both network hosts and devices such as routers, include <emphasis>Destination Unreachable</emphasis> and <emphasis>Time Exceeded</emphasis>."
10938
6919
msgstr ""
10939
6920
10940
#: serverguide/C/network-config.xml:478(title)
6921
#: serverguide/C/network-config.xml:479(title)
10941
6922
msgid "Daemons"
10942
6923
msgstr ""
10943
6924
10944
#: serverguide/C/network-config.xml:479(para)
10945
msgid ""
10946
"Daemons are special system applications which typically execute continuously "
10947
"in the background and await requests for the functions they provide from "
10948
"other applications. Many daemons are network-centric; that is, a large "
10949
"number of daemons executing in the background on an Ubuntu system may "
10950
"provide network-related functionality. Some examples of such network daemons "
10951
"include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> "
10952
"(httpd), which provides web server functionality; the <emphasis>Secure SHell "
10953
"Daemon</emphasis> (sshd), which provides secure remote login shell and file "
10954
"transfer capabilities; and the <emphasis>Internet Message Access Protocol "
10955
"Daemon</emphasis> (imapd), which provides E-Mail services."
10956
msgstr ""
10957
10958
#: serverguide/C/network-config.xml:494(para)
10959
msgid ""
10960
"There are man pages for <ulink "
10961
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man7/tcp.7.html\">TCP</ul"
10962
"ink> and <ulink "
10963
"url=\"http://manpages.ubuntu.com/manpages/jaunty/man7/ip.7.html\">IP</ulink> "
10964
"that contain more useful information."
10965
msgstr ""
10966
10967
#: serverguide/C/network-config.xml:500(para)
10968
msgid ""
10969
"Also, see the <ulink "
10970
"url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial "
10971
"and Technical Overview</ulink> IBM Redbook."
10972
msgstr ""
10973
10974
#: serverguide/C/network-config.xml:506(para)
10975
msgid ""
10976
"Another resource is O'Reilly's <ulink "
10977
"url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network "
10978
"Administration</ulink>."
10979
msgstr ""
10980
10981
#: serverguide/C/network-config.xml:515(title)
6925
#: serverguide/C/network-config.xml:480(para)
6926
msgid "Daemons are special system applications which typically execute continuously in the background and await requests for the functions they provide from other applications. Many daemons are network-centric; that is, a large number of daemons executing in the background on an Ubuntu system may provide network-related functionality. Some examples of such network daemons include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis> (httpd), which provides web server functionality; the <emphasis>Secure SHell Daemon</emphasis> (sshd), which provides secure remote login shell and file transfer capabilities; and the <emphasis>Internet Message Access Protocol Daemon</emphasis> (imapd), which provides E-Mail services."
6927
msgstr ""
6928
6929
#: serverguide/C/network-config.xml:495(para)
6930
msgid "There are man pages for <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man7/tcp.7.html\">TCP</ulink> and <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/man7/ip.7.html\">IP</ulink> that contain more useful information."
6931
msgstr ""
6932
6933
#: serverguide/C/network-config.xml:501(para)
6934
msgid "Also, see the <ulink url=\"http://www.redbooks.ibm.com/abstracts/gg243376.html\">TCP/IP Tutorial and Technical Overview</ulink> IBM Redbook."
6935
msgstr ""
6936
6937
#: serverguide/C/network-config.xml:507(para)
6938
msgid "Another resource is O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596002978/\">TCP/IP Network Administration</ulink>."
6939
msgstr ""
6940
6941
#: serverguide/C/network-config.xml:516(title)
10982
6942
msgid "Dynamic Host Configuration Protocol (DHCP)"
10983
6943
msgstr ""
10984
6944
10985
#: serverguide/C/network-config.xml:516(para)
10986
msgid ""
10987
"The Dynamic Host Configuration Protocol (DHCP) is a network service that "
10988
"enables host computers to be automatically assigned settings from a server "
10989
"as opposed to manually configuring each network host. Computers configured "
10990
"to be DHCP clients have no control over the settings they receive from the "
10991
"DHCP server, and the configuration is transparent to the computer's user."
10992
msgstr ""
10993
10994
#: serverguide/C/network-config.xml:523(para)
10995
msgid ""
10996
"The most common settings provided by a DHCP server to DHCP clients include:"
10997
msgstr ""
10998
10999
#: serverguide/C/network-config.xml:528(para)
6945
#: serverguide/C/network-config.xml:517(para)
6946
msgid "The Dynamic Host Configuration Protocol (DHCP) is a network service that enables host computers to be automatically assigned settings from a server as opposed to manually configuring each network host. Computers configured to be DHCP clients have no control over the settings they receive from the DHCP server, and the configuration is transparent to the computer's user."
6947
msgstr ""
6948
6949
#: serverguide/C/network-config.xml:524(para)
6950
msgid "The most common settings provided by a DHCP server to DHCP clients include:"
6951
msgstr ""
6952
6953
#: serverguide/C/network-config.xml:529(para)
11000
6954
msgid "IP-Address and Netmask"
11001
6955
msgstr ""
11002
6956
11003
#: serverguide/C/network-config.xml:531(para)
6957
#: serverguide/C/network-config.xml:532(para)
11004
6958
msgid "DNS"
11005
6959
msgstr ""
11006
6960
11007
#: serverguide/C/network-config.xml:534(para)
6961
#: serverguide/C/network-config.xml:535(para)
11008
6962
msgid "WINS"
11009
6963
msgstr ""
11010
6964
11011
#: serverguide/C/network-config.xml:537(para)
11012
msgid ""
11013
"However, a DHCP server can also supply configuration properties such as:"
6965
#: serverguide/C/network-config.xml:538(para)
6966
msgid "However, a DHCP server can also supply configuration properties such as:"
11014
6967
msgstr ""
11015
6968
11016
#: serverguide/C/network-config.xml:542(para)
6969
#: serverguide/C/network-config.xml:543(para)
11017
6970
msgid "Host Name"
11018
6971
msgstr ""
11019
6972
11020
#: serverguide/C/network-config.xml:545(para)
6973
#: serverguide/C/network-config.xml:546(para)
11021
6974
msgid "Domain Name"
11022
6975
msgstr ""
11023
6976
11024
#: serverguide/C/network-config.xml:548(para)
6977
#: serverguide/C/network-config.xml:549(para)
11025
6978
msgid "Default Gateway"
11026
6979
msgstr ""
11027
6980
11028
#: serverguide/C/network-config.xml:551(para)
6981
#: serverguide/C/network-config.xml:552(para)
11029
6982
msgid "Time Server"
11030
6983
msgstr ""
11031
6984
11032
#: serverguide/C/network-config.xml:554(para)
6985
#: serverguide/C/network-config.xml:555(para)
11033
6986
msgid "Print Server"
11034
6987
msgstr ""
11035
6988
11036
#: serverguide/C/network-config.xml:557(para)
11037
msgid ""
11038
"The advantage of using DHCP is that changes to the network, for example a "
11039
"change in the address of the DNS server, need only be changed at the DHCP "
11040
"server, and all network hosts will be reconfigured the next time their DHCP "
11041
"clients poll the DHCP server. As an added advantage, it is also easier to "
11042
"integrate new computers into the network, as there is no need to check for "
11043
"the availability of an IP address. Conflicts in IP address allocation are "
11044
"also reduced."
6989
#: serverguide/C/network-config.xml:558(para)
6990
msgid "The advantage of using DHCP is that changes to the network, for example a change in the address of the DNS server, need only be changed at the DHCP server, and all network hosts will be reconfigured the next time their DHCP clients poll the DHCP server. As an added advantage, it is also easier to integrate new computers into the network, as there is no need to check for the availability of an IP address. Conflicts in IP address allocation are also reduced."
11045
6991
msgstr ""
11046
6992
11047
#: serverguide/C/network-config.xml:565(para)
6993
#: serverguide/C/network-config.xml:566(para)
11048
6994
msgid "A DHCP server can provide configuration settings using two methods:"
11049
6995
msgstr ""
11050
6996
11051
#: serverguide/C/network-config.xml:570(term)
6997
#: serverguide/C/network-config.xml:571(term)
11052
6998
msgid "MAC Address"
11053
6999
msgstr ""
11054
7000
11055
#: serverguide/C/network-config.xml:572(para)
11056
msgid ""
11057
"This method entails using DHCP to identify the unique hardware address of "
11058
"each network card connected to the network and then continually supplying a "
11059
"constant configuration each time the DHCP client makes a request to the DHCP "
11060
"server using that network device."
7001
#: serverguide/C/network-config.xml:573(para)
7002
msgid "This method entails using DHCP to identify the unique hardware address of each network card connected to the network and then continually supplying a constant configuration each time the DHCP client makes a request to the DHCP server using that network device."
11061
7003
msgstr ""
11062
7004
11063
#: serverguide/C/network-config.xml:581(term)
7005
#: serverguide/C/network-config.xml:582(term)
11064
7006
msgid "Address Pool"
11065
7007
msgstr ""
11066
7008
11067
#: serverguide/C/network-config.xml:583(para)
11068
msgid ""
11069
"This method entails defining a pool (sometimes also called a range or scope) "
11070
"of IP addresses from which DHCP clients are supplied their configuration "
11071
"properties dynamically and on a \"first come, first served\" basis. When a "
11072
"DHCP client is no longer on the network for a specified period, the "
11073
"configuration is expired and released back to the address pool for use by "
11074
"other DHCP Clients."
11075
msgstr ""
11076
11077
#: serverguide/C/network-config.xml:594(para)
11078
msgid ""
11079
"Ubuntu is shipped with both DHCP server and client. The server is "
11080
"<application>dhcpd</application> (dynamic host configuration protocol "
11081
"daemon). The client provided with Ubuntu is "
11082
"<application>dhclient</application> and should be installed on all computers "
11083
"required to be automatically configured. Both programs are easy to install "
11084
"and configure and will be automatically started at system boot."
11085
msgstr ""
11086
11087
#: serverguide/C/network-config.xml:604(para)
11088
msgid ""
11089
"At a terminal prompt, enter the following command to install "
11090
"<application>dhcpd</application>:"
11091
msgstr ""
11092
11093
#: serverguide/C/network-config.xml:609(command)
7009
#: serverguide/C/network-config.xml:584(para)
7010
msgid "This method entails defining a pool (sometimes also called a range or scope) of IP addresses from which DHCP clients are supplied their configuration properties dynamically and on a \"first come, first served\" basis. When a DHCP client is no longer on the network for a specified period, the configuration is expired and released back to the address pool for use by other DHCP Clients."
7011
msgstr ""
7012
7013
#: serverguide/C/network-config.xml:595(para)
7014
msgid "Ubuntu is shipped with both DHCP server and client. The server is <application>dhcpd</application> (dynamic host configuration protocol daemon). The client provided with Ubuntu is <application>dhclient</application> and should be installed on all computers required to be automatically configured. Both programs are easy to install and configure and will be automatically started at system boot."
7015
msgstr ""
7016
7017
#: serverguide/C/network-config.xml:605(para)
7018
msgid "At a terminal prompt, enter the following command to install <application>dhcpd</application>:"
7019
msgstr ""
7020
7021
#: serverguide/C/network-config.xml:610(command)
11094
7022
msgid "sudo apt-get install dhcp3-server"
11095
7023
msgstr ""
11096
7024
11097
#: serverguide/C/network-config.xml:611(para)
11098
msgid ""
11099
"You will probably need to change the default configuration by editing "
11100
"/etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
11101
msgstr ""
11102
11103
#: serverguide/C/network-config.xml:615(para)
11104
msgid ""
11105
"You also need to edit /etc/default/dhcp3-server to specify the interfaces "
11106
"dhcpd should listen to. By default it listens to eth0."
11107
msgstr ""
11108
11109
#: serverguide/C/network-config.xml:619(para)
11110
msgid ""
11111
"NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics "
11112
"messages."
11113
msgstr ""
11114
11115
#: serverguide/C/network-config.xml:626(para)
11116
msgid ""
11117
"The error message the installation ends with might be a little confusing, "
11118
"but the following steps will help you configure the service:"
11119
msgstr ""
11120
11121
#: serverguide/C/network-config.xml:630(para)
11122
msgid ""
11123
"Most commonly, what you want to do is assign an IP address randomly. This "
11124
"can be done with settings as follows:"
11125
msgstr ""
11126
11127
#: serverguide/C/network-config.xml:634(programlisting)
11128
#, no-wrap
11129
msgid ""
11130
"\n"
11131
"# Sample /etc/dhcpd.conf\n"
11132
"# (add your comments here) \n"
11133
"default-lease-time 600;\n"
11134
"max-lease-time 7200;\n"
11135
"option subnet-mask 255.255.255.0;\n"
11136
"option broadcast-address 192.168.1.255;\n"
11137
"option routers 192.168.1.254;\n"
11138
"option domain-name-servers 192.168.1.1, 192.168.1.2;\n"
11139
"option domain-name \"mydomain.example\";\n"
11140
"\n"
11141
"subnet 192.168.1.0 netmask 255.255.255.0 {\n"
11142
"range 192.168.1.10 192.168.1.100;\n"
11143
"range 192.168.1.150 192.168.1.200;\n"
11144
"} \n"
11145
msgstr ""
11146
11147
#: serverguide/C/network-config.xml:650(para)
11148
msgid ""
11149
"This will result in the DHCP server giving a client an IP address from the "
11150
"range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will "
11151
"lease an IP address for 600 seconds if the client doesn't ask for a specific "
11152
"time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The "
11153
"server will also \"advise\" the client that it should use 255.255.255.0 as "
11154
"its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as "
11155
"the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
11156
msgstr ""
11157
11158
#: serverguide/C/network-config.xml:659(para)
11159
msgid ""
11160
"If you need to specify a WINS server for your Windows clients, you will need "
11161
"to include the netbios-name-servers option, e.g."
11162
msgstr ""
11163
11164
#: serverguide/C/network-config.xml:663(programlisting)
11165
#, no-wrap
11166
msgid ""
11167
"\n"
11168
"option netbios-name-servers 192.168.1.1; \n"
11169
msgstr ""
11170
11171
#: serverguide/C/network-config.xml:666(para)
11172
msgid ""
11173
"Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can "
11174
"be found <ulink "
11175
"url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
11176
msgstr ""
11177
11178
#: serverguide/C/network-config.xml:676(para)
11179
msgid ""
11180
"For more <filename>/etc/dhcp3/dchpd.conf</filename> options see the <ulink "
11181
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/dhcpd.conf.5.html\">"
11182
"dhcpd.conf man page</ulink>."
11183
msgstr ""
11184
11185
#: serverguide/C/network-config.xml:682(para)
11186
msgid ""
11187
"Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP "
11188
"FAQ</ulink>"
11189
msgstr ""
11190
11191
#: serverguide/C/network-config.xml:692(title)
7025
#: serverguide/C/network-config.xml:612(para)
7026
msgid "You will probably need to change the default configuration by editing /etc/dhcp3/dhcpd.conf to suit your needs and particular configuration."
7027
msgstr ""
7028
7029
#: serverguide/C/network-config.xml:616(para)
7030
msgid "You also need to edit /etc/default/dhcp3-server to specify the interfaces dhcpd should listen to. By default it listens to eth0."
7031
msgstr ""
7032
7033
#: serverguide/C/network-config.xml:620(para)
7034
msgid "NOTE: dhcpd's messages are being sent to syslog. Look there for diagnostics messages."
7035
msgstr ""
7036
7037
#: serverguide/C/network-config.xml:627(para)
7038
msgid "The error message the installation ends with might be a little confusing, but the following steps will help you configure the service:"
7039
msgstr ""
7040
7041
#: serverguide/C/network-config.xml:631(para)
7042
msgid "Most commonly, what you want to do is assign an IP address randomly. This can be done with settings as follows:"
7043
msgstr ""
7044
7045
#: serverguide/C/network-config.xml:635(programlisting)
7046
#, no-wrap
7047
msgid "\n# Sample /etc/dhcpd.conf\n# (add your comments here) \ndefault-lease-time 600;\nmax-lease-time 7200;\noption subnet-mask 255.255.255.0;\noption broadcast-address 192.168.1.255;\noption routers 192.168.1.254;\noption domain-name-servers 192.168.1.1, 192.168.1.2;\noption domain-name \"mydomain.example\";\n\nsubnet 192.168.1.0 netmask 255.255.255.0 {\nrange 192.168.1.10 192.168.1.100;\nrange 192.168.1.150 192.168.1.200;\n} \n"
7048
msgstr ""
7049
7050
#: serverguide/C/network-config.xml:651(para)
7051
msgid "This will result in the DHCP server giving a client an IP address from the range 192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will lease an IP address for 600 seconds if the client doesn't ask for a specific time frame. Otherwise the maximum (allowed) lease will be 7200 seconds. The server will also \"advise\" the client that it should use 255.255.255.0 as its subnet mask, 192.168.1.255 as its broadcast address, 192.168.1.254 as the router/gateway and 192.168.1.1 and 192.168.1.2 as its DNS servers."
7052
msgstr ""
7053
7054
#: serverguide/C/network-config.xml:660(para)
7055
msgid "If you need to specify a WINS server for your Windows clients, you will need to include the netbios-name-servers option, e.g."
7056
msgstr ""
7057
7058
#: serverguide/C/network-config.xml:664(programlisting)
7059
#, no-wrap
7060
msgid "\noption netbios-name-servers 192.168.1.1; \n"
7061
msgstr ""
7062
7063
#: serverguide/C/network-config.xml:667(para)
7064
msgid "Dhcpd configuration settings are taken from the DHCP mini-HOWTO, which can be found <ulink url=\"http://www.tldp.org/HOWTO/DHCP/index.html\">here</ulink>."
7065
msgstr ""
7066
7067
#: serverguide/C/network-config.xml:677(para)
7068
msgid "For more <filename>/etc/dhcp3/dchpd.conf</filename> options see the <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/dhcpd.conf.5.html\">dhcpd.conf man page</ulink>."
7069
msgstr ""
7070
7071
#: serverguide/C/network-config.xml:683(para)
7072
msgid "Also see the <ulink url=\"http://www.dhcp-handbook.com/dhcp_faq.html\">DHCP FAQ</ulink>"
7073
msgstr ""
7074
7075
#: serverguide/C/network-config.xml:693(title)
11192
7076
msgid "Time Synchronisation with NTP"
11193
7077
msgstr ""
11194
7078
11195
#: serverguide/C/network-config.xml:693(para)
11196
msgid ""
11197
"This page describes methods for keeping your computer's time accurate. This "
11198
"is useful for servers, but is not necessary (or desirable) for desktop "
11199
"machines."
11200
msgstr ""
11201
11202
#: serverguide/C/network-config.xml:696(para)
11203
msgid ""
11204
"NTP is a TCP/IP protocol for synchronising time over a network. Basically a "
11205
"client requests the current time from a server, and uses it to set its own "
11206
"clock."
11207
msgstr ""
11208
11209
#: serverguide/C/network-config.xml:699(para)
11210
msgid ""
11211
"Behind this simple description, there is a lot of complexity - there are "
11212
"tiers of NTP servers, with the tier one NTP servers connected to atomic "
11213
"clocks (often via GPS), and tier two and three servers spreading the load of "
11214
"actually handling requests across the Internet. Also the client software is "
11215
"a lot more complex than you might think - it has to factor out communication "
11216
"delays, and adjust the time in a way that does not upset all the other "
11217
"processes that run on the server. But luckily all that complexity is hidden "
11218
"from you!"
11219
msgstr ""
11220
11221
#: serverguide/C/network-config.xml:702(para)
11222
msgid ""
11223
"Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
11224
msgstr ""
11225
11226
#: serverguide/C/network-config.xml:707(title)
7079
#: serverguide/C/network-config.xml:694(para)
7080
msgid "This page describes methods for keeping your computer's time accurate. This is useful for servers, but is not necessary (or desirable) for desktop machines."
7081
msgstr ""
7082
7083
#: serverguide/C/network-config.xml:697(para)
7084
msgid "NTP is a TCP/IP protocol for synchronising time over a network. Basically a client requests the current time from a server, and uses it to set its own clock."
7085
msgstr ""
7086
7087
#: serverguide/C/network-config.xml:700(para)
7088
msgid "Behind this simple description, there is a lot of complexity - there are tiers of NTP servers, with the tier one NTP servers connected to atomic clocks (often via GPS), and tier two and three servers spreading the load of actually handling requests across the Internet. Also the client software is a lot more complex than you might think - it has to factor out communication delays, and adjust the time in a way that does not upset all the other processes that run on the server. But luckily all that complexity is hidden from you!"
7089
msgstr ""
7090
7091
#: serverguide/C/network-config.xml:703(para)
7092
msgid "Ubuntu has two ways of automatically setting your time: ntpdate and ntpd."
7093
msgstr ""
7094
7095
#: serverguide/C/network-config.xml:708(title)
11227
7096
msgid "ntpdate"
11228
7097
msgstr ""
11229
7098
11230
#: serverguide/C/network-config.xml:708(para)
11231
msgid ""
11232
"Ubuntu comes with ntpdate as standard, and will run it once at boot time to "
11233
"set up your time according to Ubuntu's NTP server. However, a server's clock "
11234
"is likely to drift considerably between reboots, so it makes sense to "
11235
"correct the time occasionally. The easiest way to do this is to get cron to "
11236
"run ntpdate every day. With your favorite editor, as root, create a file "
11237
"<code>/etc/cron.daily/ntpdate</code> containing:"
7099
#: serverguide/C/network-config.xml:709(para)
7100
msgid "Ubuntu comes with ntpdate as standard, and will run it once at boot time to set up your time according to Ubuntu's NTP server. However, a server's clock is likely to drift considerably between reboots, so it makes sense to correct the time occasionally. The easiest way to do this is to get cron to run ntpdate every day. With your favorite editor, as root, create a file <code>/etc/cron.daily/ntpdate</code> containing:"
11238
7101
msgstr ""
11239
7102
11240
#: serverguide/C/network-config.xml:713(screen)
7103
#: serverguide/C/network-config.xml:714(screen)
11241
7104
#, no-wrap
11242
7105
msgid "ntpdate ntp.ubuntu.com\n"
11243
7106
msgstr ""
11244
7107
11245
#: serverguide/C/network-config.xml:715(para)
11246
msgid ""
11247
"The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
7108
#: serverguide/C/network-config.xml:716(para)
7109
msgid "The file <code>/etc/cron.daily/ntpdate</code> must also be executable."
11248
7110
msgstr ""
11249
7111
11250
#: serverguide/C/network-config.xml:718(screen)
7112
#: serverguide/C/network-config.xml:719(screen)
11251
7113
#, no-wrap
11252
7114
msgid "sudo chmod 755 /etc/cron.daily/ntpdate\n"
11253
7115
msgstr ""
11254
7116
11255
#: serverguide/C/network-config.xml:722(title)
7117
#: serverguide/C/network-config.xml:723(title)
11256
7118
msgid "ntpd"
11257
7119
msgstr ""
11258
7120
11259
#: serverguide/C/network-config.xml:723(para)
11260
msgid ""
11261
"ntpdate is a bit of a blunt instrument - it can only adjust the time once a "
11262
"day, in one big correction. The ntp daemon ntpd is far more subtle. It "
11263
"calculates the drift of your system clock and continuously adjusts it, so "
11264
"there are no large corrections that could lead to inconsistent logs for "
11265
"instance. The cost is a little processing power and memory, but for a modern "
11266
"server this is negligible."
7121
#: serverguide/C/network-config.xml:724(para)
7122
msgid "ntpdate is a bit of a blunt instrument - it can only adjust the time once a day, in one big correction. The ntp daemon ntpd is far more subtle. It calculates the drift of your system clock and continuously adjusts it, so there are no large corrections that could lead to inconsistent logs for instance. The cost is a little processing power and memory, but for a modern server this is negligible."
11267
7123
msgstr ""
11268
7124
11269
#: serverguide/C/network-config.xml:726(para)
7125
#: serverguide/C/network-config.xml:727(para)
11270
7126
msgid "To set up ntpd:"
11271
7127
msgstr ""
11272
7128
11273
#: serverguide/C/network-config.xml:727(screen)
7129
#: serverguide/C/network-config.xml:728(screen)
11274
7130
#, no-wrap
11275
7131
msgid "sudo apt-get install ntp\n"
11276
7132
msgstr ""
11277
7133
11278
#: serverguide/C/network-config.xml:732(title)
7134
#: serverguide/C/network-config.xml:733(title)
11279
7135
msgid "Changing Time Servers"
11280
7136
msgstr ""
11281
7137
11282
#: serverguide/C/network-config.xml:733(para)
11283
msgid ""
11284
"In both cases above, your system will use Ubuntu's NTP server at "
11285
"<code>ntp.ubuntu.com</code> by default. This is OK, but you might want to "
11286
"use several servers to increase accuracy and resilience, and you may want to "
11287
"use time servers that are geographically closer to you. to do this for "
11288
"ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
7138
#: serverguide/C/network-config.xml:734(para)
7139
msgid "In both cases above, your system will use Ubuntu's NTP server at <code>ntp.ubuntu.com</code> by default. This is OK, but you might want to use several servers to increase accuracy and resilience, and you may want to use time servers that are geographically closer to you. to do this for ntpdate, change the contents of <code>/etc/cron.daily/ntpdate</code> to:"
11289
7140
msgstr ""
11290
7141
11291
#: serverguide/C/network-config.xml:740(screen)
7142
#: serverguide/C/network-config.xml:741(screen)
11292
7143
#, no-wrap
11293
7144
msgid "ntpdate ntp.ubuntu.com pool.ntp.org \n"
11294
7145
msgstr ""
11295
7146
11296
#: serverguide/C/network-config.xml:742(para)
11297
msgid ""
11298
"And for ntpd edit <code>/etc/ntp.conf</code> to include additional server "
11299
"lines:"
7147
#: serverguide/C/network-config.xml:743(para)
7148
msgid "And for ntpd edit <code>/etc/ntp.conf</code> to include additional server lines:"
11300
7149
msgstr ""
11301
7150
11302
#: serverguide/C/network-config.xml:747(screen)
7151
#: serverguide/C/network-config.xml:748(screen)
11303
7152
#, no-wrap
11304
msgid ""
11305
"server ntp.ubuntu.com\n"
11306
"server pool.ntp.org\n"
11307
msgstr ""
11308
11309
#: serverguide/C/network-config.xml:750(para)
11310
msgid ""
11311
"You may notice <code>pool.ntp.org</code> in the examples above. This is a "
11312
"really good idea which uses round-robin DNS to return an NTP server from a "
11313
"pool, spreading the load between several different servers. Even better, "
11314
"they have pools for different regions - for instance, if you are in New "
11315
"Zealand, so you could use <code>nz.pool.ntp.org</code> instead of "
11316
"<code>pool.ntp.org</code> . Look at <ulink "
11317
"url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more "
11318
"details."
11319
msgstr ""
11320
11321
#: serverguide/C/network-config.xml:761(para)
11322
msgid ""
11323
"You can also Google for NTP servers in your region, and add these to your "
11324
"configuration. To test that a server works, just type <code>sudo ntpdate "
11325
"ntp.server.name</code> and see what happens."
11326
msgstr ""
11327
11328
#: serverguide/C/network-config.xml:769(title)
7153
msgid "server ntp.ubuntu.com\nserver pool.ntp.org\n"
7154
msgstr ""
7155
7156
#: serverguide/C/network-config.xml:751(para)
7157
msgid "You may notice <code>pool.ntp.org</code> in the examples above. This is a really good idea which uses round-robin DNS to return an NTP server from a pool, spreading the load between several different servers. Even better, they have pools for different regions - for instance, if you are in New Zealand, so you could use <code>nz.pool.ntp.org</code> instead of <code>pool.ntp.org</code> . Look at <ulink url=\"http://www.pool.ntp.org/\">http://www.pool.ntp.org/</ulink> for more details."
7158
msgstr ""
7159
7160
#: serverguide/C/network-config.xml:762(para)
7161
msgid "You can also Google for NTP servers in your region, and add these to your configuration. To test that a server works, just type <code>sudo ntpdate ntp.server.name</code> and see what happens."
7162
msgstr ""
7163
7164
#: serverguide/C/network-config.xml:770(title)
11329
7165
msgid "Related Pages"
11330
7166
msgstr ""
11331
7167
11332
#: serverguide/C/network-config.xml:773(ulink)
7168
#: serverguide/C/network-config.xml:774(ulink)
11333
7169
msgid "NTP Support"
11334
7170
msgstr ""
11335
7171
11336
#: serverguide/C/network-config.xml:778(ulink)
7172
#: serverguide/C/network-config.xml:779(ulink)
11337
7173
msgid "The NTP FAQ and HOWTO"
11338
7174
msgstr ""
11339
7175
11350
7186
msgstr ""
11351
7187
11352
7188
#: serverguide/C/network-auth.xml:20(para)
11353
msgid ""
11354
"LDAP is an acronym for Lightweight Directory Access Protocol, it is a "
11355
"simplified version of the X.500 protocol. The directory setup in this "
11356
"section will be used for authentication. Nevertheless, LDAP can be used in "
11357
"numerous ways: authentication, shared directory (for mail clients), address "
11358
"book, etc."
7189
msgid "LDAP is an acronym for Lightweight Directory Access Protocol, it is a simplified version of the X.500 protocol. The directory setup in this section will be used for authentication. Nevertheless, LDAP can be used in numerous ways: authentication, shared directory (for mail clients), address book, etc."
11359
7190
msgstr ""
11360
7191
11361
7192
#: serverguide/C/network-auth.xml:28(para)
11362
msgid ""
11363
"To describe LDAP quickly, all information is stored in a tree structure. "
11364
"With <application>OpenLDAP</application> you have freedom to determine the "
11365
"directory arborescence (the Directory Information Tree: the DIT) yourself. "
11366
"We will begin with a basic tree containing two nodes below the root:"
7193
msgid "To describe LDAP quickly, all information is stored in a tree structure. With <application>OpenLDAP</application> you have freedom to determine the directory arborescence (the Directory Information Tree: the DIT) yourself. We will begin with a basic tree containing two nodes below the root:"
11367
7194
msgstr ""
11368
7195
11369
7196
#: serverguide/C/network-auth.xml:37(para)
11375
7202
msgstr ""
11376
7203
11377
7204
#: serverguide/C/network-auth.xml:44(para)
11378
msgid ""
11379
"Before beginning, you should determine what the root of your LDAP directory "
11380
"will be. By default, your tree will be determined by your Fully Qualified "
11381
"Domain Name (FQDN). If your domain is example.com (which we will use in this "
11382
"example), your root node will be dc=example,dc=com."
7205
msgid "Before beginning, you should determine what the root of your LDAP directory will be. By default, your tree will be determined by your Fully Qualified Domain Name (FQDN). If your domain is example.com (which we will use in this example), your root node will be dc=example,dc=com."
11383
7206
msgstr ""
11384
7207
11385
7208
#: serverguide/C/network-auth.xml:54(para)
11386
msgid ""
11387
"First, install the <application>OpenLDAP</application> server daemon "
11388
"<application>slapd</application> and <application>ldap-utils</application>, "
11389
"a package containing LDAP management utilities:"
7209
msgid "First, install the <application>OpenLDAP</application> server daemon <application>slapd</application> and <application>ldap-utils</application>, a package containing LDAP management utilities:"
11390
7210
msgstr ""
11391
7211
11392
7212
#: serverguide/C/network-auth.xml:60(command)
11394
7214
msgstr ""
11395
7215
11396
7216
#: serverguide/C/network-auth.xml:63(para)
11397
msgid ""
11398
"The installation process will prompt you for the LDAP directory admin "
11399
"password and confirmation."
7217
msgid "By default <application>slapd</application> is configured with minimal options needed to run the <application>slapd</application> daemon."
11400
7218
msgstr ""
11401
7219
11402
7220
#: serverguide/C/network-auth.xml:68(para)
11403
msgid ""
11404
"By default the directory suffix will match the domain name of the server. "
11405
"For example, if the machine's Fully Qualified Domain Name (FQDN) is "
11406
"ldap.example.com, the default suffix will be "
11407
"<emphasis>dc=example,dc=com</emphasis>. If you require a different suffix, "
11408
"the directory can be reconfigured using <application>dpkg-"
11409
"reconfigure</application>. Enter the following in a terminal prompt:"
11410
msgstr ""
11411
11412
#: serverguide/C/network-auth.xml:78(command)
11413
msgid "sudo dpkg-reconfigure slapd"
11414
msgstr ""
11415
11416
#: serverguide/C/network-auth.xml:81(para)
11417
msgid ""
11418
"You will then be taken through a menu based configuration dialog, allowing "
11419
"you to configure various <application>slapd</application> options."
11420
msgstr ""
11421
11422
#: serverguide/C/network-auth.xml:90(para)
11423
msgid ""
11424
"<application>OpenLDAP</application> uses a separate database which contains "
11425
"the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The "
11426
"<emphasis>cn=config</emphasis> DIT is used to dynamically configure the "
11427
"<application>slapd</application> daemon, allowing the modification of schema "
11428
"definitions, indexes, ACLs, etc without stopping the service."
11429
msgstr ""
11430
11431
#: serverguide/C/network-auth.xml:98(para)
11432
msgid ""
11433
"The <emphasis>cn=config</emphasis> tree can be manipulated using the "
11434
"utilities in the <application>ldap-utils</application> package. For example:"
11435
msgstr ""
11436
11437
#: serverguide/C/network-auth.xml:106(para)
11438
msgid ""
11439
"Use <application>ldapsearch</application> to view the tree, entering the "
11440
"admin password set during installation or reconfiguration:"
11441
msgstr ""
11442
11443
#: serverguide/C/network-auth.xml:112(command)
11444
msgid ""
11445
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb"
11446
msgstr ""
11447
11448
#: serverguide/C/network-auth.xml:116(computeroutput)
11449
#, no-wrap
11450
msgid ""
11451
"Enter LDAP Password: \n"
11452
"dn: olcDatabase={1}hdb,cn=config\n"
11453
"objectClass: olcDatabaseConfig\n"
11454
"objectClass: olcHdbConfig\n"
11455
"olcDatabase: {1}hdb\n"
11456
"olcDbDirectory: /var/lib/ldap\n"
11457
"olcSuffix: dc=example,dc=com\n"
11458
"olcAccess: {0}to attrs=userPassword,shadowLastChange by "
11459
"dn=\"cn=admin,dc=exampl\n"
11460
" e,dc=com\" write by anonymous auth by self write by * none\n"
11461
"olcAccess: {1}to dn.base=\"\" by * read\n"
11462
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
11463
"olcLastMod: TRUE\n"
11464
"olcDbCheckpoint: 512 30\n"
11465
"olcDbConfig: {0}set_cachesize 0 2097152 0\n"
11466
"olcDbConfig: {1}set_lk_max_objects 1500\n"
11467
"olcDbConfig: {2}set_lk_max_locks 1500\n"
11468
"olcDbConfig: {3}set_lk_max_lockers 1500\n"
11469
"olcDbIndex: objectClass eq\n"
11470
msgstr ""
11471
11472
#: serverguide/C/network-auth.xml:137(para)
11473
msgid ""
11474
"The output above is the current configuration options for the "
11475
"<emphasis>hdb</emphasis> backend database. Which in this case containes the "
11476
"<emphasis>dc=example,dc=com</emphasis> suffix."
11477
msgstr ""
11478
11479
#: serverguide/C/network-auth.xml:146(para)
11480
msgid ""
11481
"Refine the search by supplying a <emphasis "
11482
"role=\"italic\">filter</emphasis>, in this case only show which attributes "
11483
"are indexed:"
11484
msgstr ""
11485
11486
#: serverguide/C/network-auth.xml:152(command)
11487
msgid ""
11488
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb "
11489
"olcDbIndex"
11490
msgstr ""
11491
11492
#: serverguide/C/network-auth.xml:156(computeroutput)
11493
#, no-wrap
11494
msgid ""
11495
"Enter LDAP Password: \n"
11496
"dn: olcDatabase={1}hdb,cn=config\n"
11497
"olcDbIndex: objectClass eq\n"
11498
msgstr ""
11499
11500
#: serverguide/C/network-auth.xml:165(para)
11501
msgid ""
11502
"As an example of modifying the <emphasis>cn=config</emphasis> tree, add "
11503
"another attribute to the index list using "
11504
"<application>ldapmodify</application>:"
11505
msgstr ""
11506
11507
#: serverguide/C/network-auth.xml:171(command) serverguide/C/network-auth.xml:722(command) serverguide/C/network-auth.xml:838(command) serverguide/C/network-auth.xml:861(command) serverguide/C/network-auth.xml:2417(command) serverguide/C/network-auth.xml:2434(command)
11508
msgid "ldapmodify -x -D cn=admin,cn=config -W"
11509
msgstr ""
11510
11511
#: serverguide/C/network-auth.xml:175(userinput)
11512
#, no-wrap
11513
msgid ""
11514
"\n"
11515
"dn: olcDatabase={1}hdb,cn=config\n"
11516
"add: olcDbIndex\n"
11517
"olcDbIndex: entryUUID eq"
11518
msgstr ""
11519
11520
#: serverguide/C/network-auth.xml:175(computeroutput)
11521
#, no-wrap
11522
msgid ""
11523
"Enter LDAP Password:<placeholder-1/>\n"
11524
"\n"
11525
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11526
msgstr ""
11527
11528
#: serverguide/C/network-auth.xml:184(para)
11529
msgid ""
11530
"Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to "
11531
"exit the utility."
11532
msgstr ""
11533
11534
#: serverguide/C/network-auth.xml:191(para)
11535
msgid ""
11536
"<application>ldapmodify</application> can also read the changes from a file. "
11537
"Copy and paste the following into a file named "
11538
"<filename>uid_index.ldif</filename>:"
11539
msgstr ""
11540
11541
#: serverguide/C/network-auth.xml:196(programlisting)
11542
#, no-wrap
11543
msgid ""
11544
"\n"
11545
"dn: olcDatabase={1}hdb,cn=config\n"
11546
"add: olcDbIndex\n"
11547
"olcDbIndex: uid eq,pres,sub\n"
11548
msgstr ""
11549
11550
#: serverguide/C/network-auth.xml:202(para)
7221
msgid "The configuration example in the following sections will match the domain name of the server. For example, if the machine's Fully Qualified Domain Name (FQDN) is ldap.example.com, the default suffix will be <emphasis>dc=example,dc=com</emphasis>."
7222
msgstr ""
7223
7224
#: serverguide/C/network-auth.xml:76(title)
7225
msgid "Populating LDAP"
7226
msgstr ""
7227
7228
#: serverguide/C/network-auth.xml:78(para)
7229
msgid "<application>OpenLDAP</application> uses a separate directory which contains the <emphasis>cn=config</emphasis> Directory Information Tree (DIT). The <emphasis>cn=config</emphasis> DIT is used to dynamically configure the <application>slapd</application> daemon, allowing the modification of schema definitions, indexes, ACLs, etc without stopping the service."
7230
msgstr ""
7231
7232
#: serverguide/C/network-auth.xml:86(para)
7233
msgid "The backend <emphasis>cn=config</emphasis> directory has only a minimal configuration and will need additional options in order to populate the frontend directory. The frontend will be populated with a \"classical\" scheme that will be compatible with address book applications and with Unix Posix accounts. Posix accounts will allow authentication to various applications, such as web applications, email Mail Transfer Agent (MTA) applications, etc."
7234
msgstr ""
7235
7236
#: serverguide/C/network-auth.xml:95(para)
7237
msgid "For external applications to authenticate using LDAP they will each need to be specifically configured to do so. Refer to the individual application documentation for details."
7238
msgstr ""
7239
7240
#: serverguide/C/network-auth.xml:103(para)
7241
msgid "Remember to change <emphasis>dc=example,dc=com</emphasis> in the following examples to match your LDAP configuration."
7242
msgstr ""
7243
7244
#: serverguide/C/network-auth.xml:108(para)
7245
msgid "First, some additional schema files need to be loaded. In a terminal enter:"
7246
msgstr ""
7247
7248
#: serverguide/C/network-auth.xml:113(command) serverguide/C/network-auth.xml:638(command)
7249
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif"
7250
msgstr ""
7251
7252
#: serverguide/C/network-auth.xml:114(command) serverguide/C/network-auth.xml:639(command)
7253
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif"
7254
msgstr ""
7255
7256
#: serverguide/C/network-auth.xml:115(command) serverguide/C/network-auth.xml:640(command)
7257
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif"
7258
msgstr ""
7259
7260
#: serverguide/C/network-auth.xml:118(para)
7261
msgid "Next, copy the following example LDIF file, naming it <filename>backend.example.com.ldif</filename>, somewhere on your system:"
7262
msgstr ""
7263
7264
#: serverguide/C/network-auth.xml:123(programlisting)
7265
#, no-wrap
7266
msgid "\n# Load dynamic backend modules\ndn: cn=module,cn=config\nobjectClass: olcModuleList\ncn: module\nolcModulepath: /usr/lib/ldap\nolcModuleload: back_hdb\n\n# Database settings\ndn: olcDatabase=hdb,cn=config\nobjectClass: olcDatabaseConfig\nobjectClass: olcHdbConfig\nolcDatabase: {1}hdb\nolcSuffix: dc=example,dc=com\nolcDbDirectory: /var/lib/ldap\nolcRootDN: cn=admin,dc=example,dc=com\nolcRootPW: secret\nolcDbConfig: set_cachesize 0 2097152 0\nolcDbConfig: set_lk_max_objects 1500\nolcDbConfig: set_lk_max_locks 1500\nolcDbConfig: set_lk_max_lockers 1500\nolcDbIndex: objectClass eq\nolcLastMod: TRUE\nolcDbCheckpoint: 512 30\nolcAccess: to attrs=userPassword,shadowLastChange by dn=\"cn=admin,dc=example,dc=com\" write by anonymous auth by self write by * none\nolcAccess: to dn.base=\"\" by * read\nolcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n\n"
7267
msgstr ""
7268
7269
#: serverguide/C/network-auth.xml:154(para)
7270
msgid "Change <emphasis>olcRootPW: secret</emphasis> to a password of your choosing."
7271
msgstr ""
7272
7273
#: serverguide/C/network-auth.xml:159(para)
7274
msgid "Now add the LDIF to the directory:"
7275
msgstr ""
7276
7277
#: serverguide/C/network-auth.xml:164(command)
7278
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif"
7279
msgstr ""
7280
7281
#: serverguide/C/network-auth.xml:167(para)
7282
msgid "The frontend directory is now ready to be populated. Create a <filename>frontend.example.com.ldif</filename> with the following contents:"
7283
msgstr ""
7284
7285
#: serverguide/C/network-auth.xml:172(programlisting)
7286
#, no-wrap
7287
msgid "\n# Create top-level object in domain\ndn: dc=example,dc=com\nobjectClass: top\nobjectClass: dcObject\nobjectclass: organization\no: Example Organization\ndc: Example\ndescription: LDAP Example \n\n# Admin user.\ndn: cn=admin,dc=example,dc=com\nobjectClass: simpleSecurityObject\nobjectClass: organizationalRole\ncn: admin\ndescription: LDAP administrator\nuserPassword: secret\n\ndn: ou=people,dc=example,dc=com\nobjectClass: organizationalUnit\nou: people\n\ndn: ou=groups,dc=example,dc=com\nobjectClass: organizationalUnit\nou: groups\n\ndn: uid=john,ou=people,dc=example,dc=com\nobjectClass: inetOrgPerson\nobjectClass: posixAccount\nobjectClass: shadowAccount\nuid: john\nsn: Doe\ngivenName: John\ncn: John Doe\ndisplayName: John Doe\nuidNumber: 1000\ngidNumber: 10000\nuserPassword: password\ngecos: John Doe\nloginShell: /bin/bash\nhomeDirectory: /home/john\nshadowExpire: -1\nshadowFlag: 0\nshadowWarning: 7\nshadowMin: 8\nshadowMax: 999999\nshadowLastChange: 10877\nmail: john.doe@example.com\npostalCode: 31000\nl: Toulouse\no: Example\nmobile: +33 (0)6 xx xx xx xx\nhomePhone: +33 (0)5 xx xx xx xx\ntitle: System Administrator\npostalAddress: \ninitials: JD\n\ndn: cn=example,ou=groups,dc=example,dc=com\nobjectClass: posixGroup\ncn: example\ngidNumber: 10000\n"
7288
msgstr ""
7289
7290
#: serverguide/C/network-auth.xml:235(para)
7291
msgid "In this example the directory structure, a user, and a group have been setup. In other examples you might see the <emphasis>objectClass: top</emphasis> added in every entry, but that is the default behaviour so you do not have to add it explicitly."
7292
msgstr ""
7293
7294
#: serverguide/C/network-auth.xml:242(para)
7295
msgid "Add the entries to the LDAP directory:"
7296
msgstr ""
7297
7298
#: serverguide/C/network-auth.xml:248(command)
7299
msgid "sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif"
7300
msgstr ""
7301
7302
#: serverguide/C/network-auth.xml:251(para)
7303
msgid "We can check that the content has been correctly added with the <application>ldapsearch</application> utility. Execute a search of the LDAP directory:"
7304
msgstr ""
7305
7306
#: serverguide/C/network-auth.xml:257(command)
7307
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
7308
msgstr ""
7309
7310
#: serverguide/C/network-auth.xml:258(computeroutput)
7311
#, no-wrap
7312
msgid "\ndn: uid=john,ou=people,dc=example,dc=com\ncn: John Doe\nsn: Doe\ngivenName: John\n"
7313
msgstr ""
7314
7315
#: serverguide/C/network-auth.xml:266(para)
7316
msgid "Just a quick explanation:"
7317
msgstr ""
7318
7319
#: serverguide/C/network-auth.xml:272(para)
7320
msgid "<emphasis>-x:</emphasis> will not use SASL authentication method, which is the default."
7321
msgstr ""
7322
7323
#: serverguide/C/network-auth.xml:278(para)
7324
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
7325
msgstr ""
7326
7327
#: serverguide/C/network-auth.xml:286(title)
7328
msgid "Further Configuration"
7329
msgstr ""
7330
7331
#: serverguide/C/network-auth.xml:289(para)
7332
msgid "The <emphasis>cn=config</emphasis> tree can be manipulated using the utilities in the <application>ldap-utils</application> package. For example:"
7333
msgstr ""
7334
7335
#: serverguide/C/network-auth.xml:297(para)
7336
msgid "Use <application>ldapsearch</application> to view the tree, entering the admin password set during installation or reconfiguration:"
7337
msgstr ""
7338
7339
#: serverguide/C/network-auth.xml:303(command)
7340
msgid "sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn"
7341
msgstr ""
7342
7343
#: serverguide/C/network-auth.xml:307(computeroutput)
7344
#, no-wrap
7345
msgid "\nSASL/EXTERNAL authentication started\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\ndn: cn=config\n\ndn: cn=module{0},cn=config\n\ndn: cn=schema,cn=config\n\ndn: cn={0}core,cn=schema,cn=config\n\ndn: cn={1}cosine,cn=schema,cn=config\n\ndn: cn={2}nis,cn=schema,cn=config\n\ndn: cn={3}inetorgperson,cn=schema,cn=config\n\ndn: olcDatabase={-1}frontend,cn=config\n\ndn: olcDatabase={0}config,cn=config\n\ndn: olcDatabase={1}hdb,cn=config\n"
7346
msgstr ""
7347
7348
#: serverguide/C/network-auth.xml:333(para)
7349
msgid "The output above is the current configuration options for the <emphasis>cn=config</emphasis> backend database. Your output may be vary."
7350
msgstr ""
7351
7352
#: serverguide/C/network-auth.xml:341(para)
7353
msgid "As an example of modifying the <emphasis>cn=config</emphasis> tree, add another attribute to the index list using <application>ldapmodify</application>:"
7354
msgstr ""
7355
7356
#: serverguide/C/network-auth.xml:347(command) serverguide/C/network-auth.xml:696(command)
7357
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:///"
7358
msgstr ""
7359
7360
#: serverguide/C/network-auth.xml:355(userinput)
7361
#, no-wrap
7362
msgid "dn: olcDatabase={1}hdb,cn=config\nadd: olcDbIndex\nolcDbIndex: entryUUID eq"
7363
msgstr ""
7364
7365
#: serverguide/C/network-auth.xml:351(computeroutput) serverguide/C/network-auth.xml:700(computeroutput)
7366
#, no-wrap
7367
msgid "\nSASL/EXTERNAL authentication started\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\n<placeholder-1/>\n\nmodifying entry \"olcDatabase={1}hdb,cn=config\"\n"
7368
msgstr ""
7369
7370
#: serverguide/C/network-auth.xml:363(para)
7371
msgid "Once the modification has completed, press <emphasis>Ctrl+D</emphasis> to exit the utility."
7372
msgstr ""
7373
7374
#: serverguide/C/network-auth.xml:370(para)
7375
msgid "<application>ldapmodify</application> can also read the changes from a file. Copy and paste the following into a file named <filename>uid_index.ldif</filename>:"
7376
msgstr ""
7377
7378
#: serverguide/C/network-auth.xml:375(programlisting)
7379
#, no-wrap
7380
msgid "\ndn: olcDatabase={1}hdb,cn=config\nadd: olcDbIndex\nolcDbIndex: uid eq,pres,sub\n"
7381
msgstr ""
7382
7383
#: serverguide/C/network-auth.xml:381(para)
11551
7384
msgid "Then execute <application>ldapmodify</application>:"
11552
7385
msgstr ""
11553
7386
11554
#: serverguide/C/network-auth.xml:207(command)
11555
msgid "ldapmodify -x -D cn=admin,cn=config -W -f uid_index.ldif"
7387
#: serverguide/C/network-auth.xml:386(command)
7388
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f uid_index.ldif"
11556
7389
msgstr ""
11557
7390
11558
#: serverguide/C/network-auth.xml:211(computeroutput)
7391
#: serverguide/C/network-auth.xml:390(computeroutput)
11559
7392
#, no-wrap
11560
msgid ""
11561
"Enter LDAP Password: \n"
11562
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
7393
msgid "\nSASL/EXTERNAL authentication started\nSASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\nSASL SSF: 0\nmodifying entry \"olcDatabase={1}hdb,cn=config\"\n"
11563
7394
msgstr ""
11564
7395
11565
#: serverguide/C/network-auth.xml:216(para)
7396
#: serverguide/C/network-auth.xml:398(para)
11566
7397
msgid "The file method is very useful for large changes."
11567
7398
msgstr ""
11568
7399
11569
#: serverguide/C/network-auth.xml:223(para)
11570
msgid ""
11571
"Adding additional <emphasis>schemas</emphasis> to "
11572
"<application>slapd</application> requires the schema to be converted to LDIF "
11573
"format. Fortunately, the <application>slapd</application> program can be "
11574
"used to automate the conversion. The following example will add the "
11575
"<emphasis>misc.schema</emphasis>:"
11576
msgstr ""
11577
11578
#: serverguide/C/network-auth.xml:231(para)
11579
msgid ""
11580
"First, create a conversion <filename>schema_convert.conf</filename> file "
11581
"containing the following lines:"
11582
msgstr ""
11583
11584
#: serverguide/C/network-auth.xml:236(programlisting)
7400
#: serverguide/C/network-auth.xml:405(para)
7401
msgid "Adding additional <emphasis>schemas</emphasis> to <application>slapd</application> requires the schema to be converted to LDIF format. The <filename role=\"directory\">/etc/ldap/schema</filename> directory contains some schema files already converted to LDIF format as demonstrated in the previous section. Fortunately, the <application>slapd</application> program can be used to automate the conversion. The following example will add the <emphasis>dyngoup.schema</emphasis>:"
7402
msgstr ""
7403
7404
#: serverguide/C/network-auth.xml:415(para)
7405
msgid "First, create a conversion <filename>schema_convert.conf</filename> file containing the following lines:"
7406
msgstr ""
7407
7408
#: serverguide/C/network-auth.xml:420(programlisting)
11585
7409
#, no-wrap
11586
msgid ""
11587
"\n"
11588
"include /etc/ldap/schema/core.schema\n"
11589
"include /etc/ldap/schema/collective.schema\n"
11590
"include /etc/ldap/schema/corba.schema\n"
11591
"include /etc/ldap/schema/cosine.schema\n"
11592
"include /etc/ldap/schema/duaconf.schema\n"
11593
"include /etc/ldap/schema/dyngroup.schema\n"
11594
"include /etc/ldap/schema/inetorgperson.schema\n"
11595
"include /etc/ldap/schema/java.schema\n"
11596
"include /etc/ldap/schema/misc.schema\n"
11597
"include /etc/ldap/schema/nis.schema\n"
11598
"include /etc/ldap/schema/openldap.schema\n"
11599
"include /etc/ldap/schema/ppolicy.schema\n"
7410
msgid "\ninclude /etc/ldap/schema/core.schema\ninclude /etc/ldap/schema/collective.schema\ninclude /etc/ldap/schema/corba.schema\ninclude /etc/ldap/schema/cosine.schema\ninclude /etc/ldap/schema/duaconf.schema\ninclude /etc/ldap/schema/dyngroup.schema\ninclude /etc/ldap/schema/inetorgperson.schema\ninclude /etc/ldap/schema/java.schema\ninclude /etc/ldap/schema/misc.schema\ninclude /etc/ldap/schema/nis.schema\ninclude /etc/ldap/schema/openldap.schema\ninclude /etc/ldap/schema/ppolicy.schema\n"
11600
7411
msgstr ""
11601
7412
11602
#: serverguide/C/network-auth.xml:254(para) serverguide/C/network-auth.xml:1318(para)
7413
#: serverguide/C/network-auth.xml:438(para) serverguide/C/network-auth.xml:1448(para)
11603
7414
msgid "Next, create a temporary directory to hold the output:"
11604
7415
msgstr ""
11605
7416
11606
#: serverguide/C/network-auth.xml:259(command) serverguide/C/network-auth.xml:1323(command) serverguide/C/network-auth.xml:2347(command)
7417
#: serverguide/C/network-auth.xml:443(command) serverguide/C/network-auth.xml:1453(command) serverguide/C/network-auth.xml:2477(command)
11607
7418
msgid "mkdir /tmp/ldif_output"
11608
7419
msgstr ""
11609
7420
11610
#: serverguide/C/network-auth.xml:265(para)
11611
msgid ""
11612
"Now using <application>slapcat</application> convert the schema files to "
11613
"LDIF:"
11614
msgstr ""
11615
11616
#: serverguide/C/network-auth.xml:270(command)
11617
msgid ""
11618
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
11619
"\"cn={8}misc,cn=schema,cn=config\" > /tmp/cn=misc.ldif"
11620
msgstr ""
11621
11622
#: serverguide/C/network-auth.xml:273(para)
11623
msgid ""
11624
"Adjust the configuration file name and temporary directory names if yours "
11625
"are different. Also, it may be worthwhile to keep the "
11626
"<filename>ldif_output</filename> directory around in case you want to add "
11627
"additional schemas in the future."
11628
msgstr ""
11629
11630
#: serverguide/C/network-auth.xml:282(para)
11631
msgid ""
11632
"Edit the <filename>/tmp/cn\\=misc.ldif</filename> file, changing the "
11633
"following attributes:"
11634
msgstr ""
11635
11636
#: serverguide/C/network-auth.xml:286(programlisting)
7421
#: serverguide/C/network-auth.xml:449(para)
7422
msgid "Now using <application>slapcat</application> convert the schema files to LDIF:"
7423
msgstr ""
7424
7425
#: serverguide/C/network-auth.xml:454(command)
7426
msgid "slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \"cn={5}dyngroup,cn=schema,cn=config\" > /tmp/cn=dyngroup.ldif"
7427
msgstr ""
7428
7429
#: serverguide/C/network-auth.xml:457(para)
7430
msgid "Adjust the configuration file name and temporary directory names if yours are different. Also, it may be worthwhile to keep the <filename>ldif_output</filename> directory around in case you want to add additional schemas in the future."
7431
msgstr ""
7432
7433
#: serverguide/C/network-auth.xml:466(para)
7434
msgid "Edit the <filename>/tmp/cn\\=dyngroup.ldif</filename> file, changing the following attributes:"
7435
msgstr ""
7436
7437
#: serverguide/C/network-auth.xml:470(programlisting)
11637
7438
#, no-wrap
11638
msgid ""
11639
"\n"
11640
"dn: cn=misc,cn=schema,cn=config\n"
11641
"...\n"
11642
"cn: misc\n"
7439
msgid "\ndn: cn=dyngroup,cn=schema,cn=config\n...\ncn: dyngroup\n"
11643
7440
msgstr ""
11644
7441
11645
#: serverguide/C/network-auth.xml:292(para) serverguide/C/network-auth.xml:1354(para)
7442
#: serverguide/C/network-auth.xml:476(para) serverguide/C/network-auth.xml:1484(para)
11646
7443
msgid "And remove the following lines from the bottom of the file:"
11647
7444
msgstr ""
11648
7445
11649
#: serverguide/C/network-auth.xml:296(programlisting)
11650
#, no-wrap
11651
msgid ""
11652
"\n"
11653
"structuralObjectClass: olcSchemaConfig\n"
11654
"entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\n"
11655
"creatorsName: cn=config\n"
11656
"createTimestamp: 20080826021140Z\n"
11657
"entryCSN: 20080826021140.791425Z#000000#000#000000\n"
11658
"modifiersName: cn=config\n"
11659
"modifyTimestamp: 20080826021140Z\n"
11660
msgstr ""
11661
11662
#: serverguide/C/network-auth.xml:307(para) serverguide/C/network-auth.xml:1369(para) serverguide/C/network-auth.xml:2393(para)
11663
msgid ""
11664
"The attribute values will vary, just be sure the attributes are removed."
11665
msgstr ""
11666
11667
#: serverguide/C/network-auth.xml:315(para) serverguide/C/network-auth.xml:1377(para)
11668
msgid ""
11669
"Finally, using the <application>ldapadd</application> utility, add the new "
11670
"schema to the directory:"
11671
msgstr ""
11672
11673
#: serverguide/C/network-auth.xml:321(command)
11674
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=misc.ldif"
11675
msgstr ""
11676
11677
#: serverguide/C/network-auth.xml:327(para)
11678
msgid ""
11679
"There should now be a <emphasis>dn: "
11680
"cn={4}misc,cn=schema,cn=config</emphasis> entry in the cn=config tree."
11681
msgstr ""
11682
11683
#: serverguide/C/network-auth.xml:336(title)
11684
msgid "Populating LDAP"
11685
msgstr ""
11686
11687
#: serverguide/C/network-auth.xml:338(para)
11688
msgid ""
11689
"The directory has been created during installation and reconfiguration, and "
11690
"now it is time to populate it. It will be populated with a \"classical\" "
11691
"scheme that will be compatible with address book applications and with Unix "
11692
"Posix accounts. Posix accounts will allow authentication to various "
11693
"applications, such as web applications, email Mail Transfer Agent (MTA) "
11694
"applications, etc."
11695
msgstr ""
11696
11697
#: serverguide/C/network-auth.xml:347(para)
11698
msgid ""
11699
"For external applications to authenticate using LDAP they will each need to "
11700
"be specifically configured to do so. Refer to the individual application "
11701
"documentation for details."
11702
msgstr ""
11703
11704
#: serverguide/C/network-auth.xml:354(para)
11705
msgid ""
11706
"LDAP directories can be populated with LDIF (LDAP Directory Interchange "
11707
"Format) files. Copy the following example LDIF file, naming it "
11708
"<filename>example.com.ldif</filename>, somewhere on your system:"
11709
msgstr ""
11710
11711
#: serverguide/C/network-auth.xml:360(programlisting)
11712
#, no-wrap
11713
msgid ""
11714
"\n"
11715
"dn: ou=people,dc=example,dc=com\n"
11716
"objectClass: organizationalUnit\n"
11717
"ou: people\n"
11718
"\n"
11719
"dn: ou=groups,dc=example,dc=com\n"
11720
"objectClass: organizationalUnit\n"
11721
"ou: groups\n"
11722
"\n"
11723
"dn: uid=john,ou=people,dc=example,dc=com\n"
11724
"objectClass: inetOrgPerson\n"
11725
"objectClass: posixAccount\n"
11726
"objectClass: shadowAccount\n"
11727
"uid: john\n"
11728
"sn: Doe\n"
11729
"givenName: John\n"
11730
"cn: John Doe\n"
11731
"displayName: John Doe\n"
11732
"uidNumber: 1000\n"
11733
"gidNumber: 10000\n"
11734
"userPassword: password\n"
11735
"gecos: John Doe\n"
11736
"loginShell: /bin/bash\n"
11737
"homeDirectory: /home/john\n"
11738
"shadowExpire: -1\n"
11739
"shadowFlag: 0\n"
11740
"shadowWarning: 7\n"
11741
"shadowMin: 8\n"
11742
"shadowMax: 999999\n"
11743
"shadowLastChange: 10877\n"
11744
"mail: john.doe@example.com\n"
11745
"postalCode: 31000\n"
11746
"l: Toulouse\n"
11747
"o: Example\n"
11748
"mobile: +33 (0)6 xx xx xx xx\n"
11749
"homePhone: +33 (0)5 xx xx xx xx\n"
11750
"title: System Administrator\n"
11751
"postalAddress: \n"
11752
"initials: JD\n"
11753
"\n"
11754
"dn: cn=example,ou=groups,dc=example,dc=com\n"
11755
"objectClass: posixGroup\n"
11756
"cn: example\n"
11757
"gidNumber: 10000\n"
11758
msgstr ""
11759
11760
#: serverguide/C/network-auth.xml:406(para)
11761
msgid ""
11762
"In this example the directory structure, a user, and a group have been "
11763
"setup. In other examples you might see the <emphasis>objectClass: "
11764
"top</emphasis> added in every entry, but that is the default behaviour so "
11765
"you do not have to add it explicitly."
11766
msgstr ""
11767
11768
#: serverguide/C/network-auth.xml:413(para)
11769
msgid ""
11770
"To add the entries to the LDAP directory use the "
11771
"<application>ldapadd</application> utility:"
11772
msgstr ""
11773
11774
#: serverguide/C/network-auth.xml:419(command)
11775
msgid "ldapadd -x -D cn=admin,dc=example,dc=com -W -f example.com.ldif"
11776
msgstr ""
11777
11778
#: serverguide/C/network-auth.xml:422(para)
11779
msgid ""
11780
"We can check that the content has been correctly added with the tools from "
11781
"the <application>ldap-utils</application> package. In order to execute a "
11782
"search of the LDAP directory:"
11783
msgstr ""
11784
11785
#: serverguide/C/network-auth.xml:429(command)
11786
msgid "ldapsearch -xLLL -b \"dc=example,dc=com\" uid=john sn givenName cn"
11787
msgstr ""
11788
11789
#: serverguide/C/network-auth.xml:430(computeroutput)
11790
#, no-wrap
11791
msgid ""
11792
"\n"
11793
"dn: uid=john,ou=people,dc=example,dc=com\n"
11794
"cn: John Doe\n"
11795
"sn: Doe\n"
11796
"givenName: John\n"
11797
msgstr ""
11798
11799
#: serverguide/C/network-auth.xml:438(para)
11800
msgid "Just a quick explanation:"
11801
msgstr ""
11802
11803
#: serverguide/C/network-auth.xml:444(para)
11804
msgid ""
11805
"<emphasis>-x:</emphasis> will not use SASL authentication method, which is "
11806
"the default."
11807
msgstr ""
11808
11809
#: serverguide/C/network-auth.xml:450(para)
11810
msgid "<emphasis>-LLL:</emphasis> disable printing LDIF schema information."
11811
msgstr ""
11812
11813
#: serverguide/C/network-auth.xml:459(title)
7446
#: serverguide/C/network-auth.xml:480(programlisting)
7447
#, no-wrap
7448
msgid "\nstructuralObjectClass: olcSchemaConfig\nentryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757\ncreatorsName: cn=config\ncreateTimestamp: 20080826021140Z\nentryCSN: 20080826021140.791425Z#000000#000#000000\nmodifiersName: cn=config\nmodifyTimestamp: 20080826021140Z\n"
7449
msgstr ""
7450
7451
#: serverguide/C/network-auth.xml:491(para) serverguide/C/network-auth.xml:1499(para) serverguide/C/network-auth.xml:2523(para)
7452
msgid "The attribute values will vary, just be sure the attributes are removed."
7453
msgstr ""
7454
7455
#: serverguide/C/network-auth.xml:499(para) serverguide/C/network-auth.xml:1507(para)
7456
msgid "Finally, using the <application>ldapadd</application> utility, add the new schema to the directory:"
7457
msgstr ""
7458
7459
#: serverguide/C/network-auth.xml:505(command)
7460
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\\=dyngroup.ldif"
7461
msgstr ""
7462
7463
#: serverguide/C/network-auth.xml:511(para)
7464
msgid "There should now be a <emphasis>dn: cn={4}dyngroup,cn=schema,cn=config</emphasis> entry in the cn=config tree."
7465
msgstr ""
7466
7467
#: serverguide/C/network-auth.xml:521(title)
11814
7468
msgid "LDAP replication"
11815
7469
msgstr ""
11816
7470
11817
#: serverguide/C/network-auth.xml:461(para)
11818
msgid ""
11819
"LDAP often quickly becomes a highly critical service to the network. "
11820
"Multiple systems will come to depend on LDAP for authentication, "
11821
"authorization, configuration, etc. It is a good idea to setup a redundant "
11822
"system through replication."
11823
msgstr ""
11824
11825
#: serverguide/C/network-auth.xml:467(para)
11826
msgid ""
11827
"Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. "
11828
"Syncrepl allows the directory to be synced using either a "
11829
"<emphasis>push</emphasis> or <emphasis>pull</emphasis> based system. In a "
11830
"push based configuration a <quote>primary</quote> server will push directory "
11831
"updates to <quote>secondary</quote> servers, while a pull based approach "
11832
"allows replication servers to sync on a time based interval."
11833
msgstr ""
11834
11835
#: serverguide/C/network-auth.xml:475(para)
11836
msgid ""
11837
"The following is an example of a <emphasis>Multi-Master</emphasis> "
11838
"configuration. In this configuration each OpenLDAP server is configured for "
11839
"both <emphasis>push</emphasis> and <emphasis>pull</emphasis> replication."
11840
msgstr ""
11841
11842
#: serverguide/C/network-auth.xml:483(para)
11843
msgid ""
11844
"First, configure the server to sync the <emphasis>cn=config</emphasis> "
11845
"database. Copy the following to a file named <filename>syncrepl_cn-"
11846
"config.ldif</filename>:"
11847
msgstr ""
11848
11849
#: serverguide/C/network-auth.xml:488(programlisting)
11850
#, no-wrap
11851
msgid ""
11852
"\n"
11853
"dn: cn=module{0},cn=config\n"
11854
"changetype: modify\n"
11855
"add: olcModuleLoad\n"
11856
"olcModuleLoad: syncprov\n"
11857
"\n"
11858
"dn: cn=config\n"
11859
"changetype: modify\n"
11860
"replace: olcServerID\n"
11861
"olcServerID: 1 ldap://ldap01.example.com\n"
11862
"olcServerID: 2 ldap://ldap02.example.com\n"
11863
"\n"
11864
"dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config\n"
11865
"changetype: add\n"
11866
"objectClass: olcOverlayConfig\n"
11867
"objectClass: olcSyncProvConfig\n"
11868
"olcOverlay: syncprov\n"
11869
"\n"
11870
"dn: olcDatabase={0}config,cn=config\n"
11871
"changetype: modify\n"
11872
"add: olcSyncRepl\n"
11873
"olcSyncRepl: rid=001 provider=ldap://ldap01.example.com "
11874
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
11875
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
11876
" retry=\"5 5 300 5\" timeout=1\n"
11877
"olcSyncRepl: rid=002 provider=ldap://ldap02.example.com "
11878
"binddn=\"cn=admin,cn=config\" bindmethod=simple\n"
11879
" credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n"
11880
" retry=\"5 5 300 5\" timeout=1\n"
11881
"-\n"
11882
"add: olcMirrorMode\n"
11883
"olcMirrorMode: TRUE\n"
11884
msgstr ""
11885
11886
7471
#: serverguide/C/network-auth.xml:523(para)
7472
msgid "LDAP often quickly becomes a highly critical service to the network. Multiple systems will come to depend on LDAP for authentication, authorization, configuration, etc. It is a good idea to setup a redundant system through replication."
7473
msgstr ""
7474
7475
#: serverguide/C/network-auth.xml:529(para)
7476
msgid "Replication is achieved using the <emphasis>Syncrepl</emphasis> engine. Syncrepl allows the directory to be synced using either a <emphasis>push</emphasis> or <emphasis>pull</emphasis> based system. In a push based configuration a <quote>primary</quote> server will push directory updates to <quote>secondary</quote> servers, while a pull based approach allows replication servers to sync on a time based interval."
7477
msgstr ""
7478
7479
#: serverguide/C/network-auth.xml:537(para)
7480
msgid "The following is an example of a <emphasis>Multi-Master</emphasis> configuration. In this configuration each OpenLDAP server is configured for both <emphasis>push</emphasis> and <emphasis>pull</emphasis> replication."
7481
msgstr ""
7482
7483
#: serverguide/C/network-auth.xml:545(para)
7484
msgid "First, configure the server to sync the <emphasis>cn=config</emphasis> database. Copy the following to a file named <filename>syncrepl_cn-config.ldif</filename>:"
7485
msgstr ""
7486
7487
#: serverguide/C/network-auth.xml:550(programlisting)
7488
#, no-wrap
7489
msgid "\ndn: cn=module{0},cn=config\nchangetype: modify\nadd: olcModuleLoad\nolcModuleLoad: syncprov\n\ndn: cn=config\nchangetype: modify\nreplace: olcServerID\nolcServerID: 1 ldap://ldap01.example.com\nolcServerID: 2 ldap://ldap02.example.com\n\ndn: olcOverlay=syncprov,olcDatabase={0}config,cn=config\nchangetype: add\nobjectClass: olcOverlayConfig\nobjectClass: olcSyncProvConfig\nolcOverlay: syncprov\n\ndn: olcDatabase={0}config,cn=config\nchangetype: modify\nadd: olcSyncRepl\nolcSyncRepl: rid=001 provider=ldap://ldap01.example.com binddn=\"cn=admin,cn=config\" bindmethod=simple\n credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n retry=\"5 5 300 5\" timeout=1\nolcSyncRepl: rid=002 provider=ldap://ldap02.example.com binddn=\"cn=admin,cn=config\" bindmethod=simple\n credentials=secret searchbase=\"cn=config\" type=refreshAndPersist\n retry=\"5 5 300 5\" timeout=1\n-\nadd: olcMirrorMode\nolcMirrorMode: TRUE\n-\nadd: olcRootPW\nolcRootPW: secret\n"
7490
msgstr ""
7491
7492
#: serverguide/C/network-auth.xml:586(para)
7493
msgid "Change <emphasis>secret</emphasis> to an appropriate password for the admin user."
7494
msgstr ""
7495
7496
#: serverguide/C/network-auth.xml:594(para)
11887
7497
msgid "Edit the file changing:"
11888
7498
msgstr ""
11889
7499
11890
#: serverguide/C/network-auth.xml:529(para)
11891
msgid ""
11892
"<emphasis>ldap://ldap01.example.com</emphasis> and "
11893
"<emphasis>ldap://ldap02.example.com</emphasis> to the hostnames of your LDAP "
11894
"servers."
11895
msgstr ""
11896
11897
#: serverguide/C/network-auth.xml:534(para)
11898
msgid ""
11899
"You can have more than two LDAP servers, and when a change is made to one of "
11900
"them it will by synced to the rest. Be sure to increment the "
11901
"<emphasis>olcServerID</emphasis> for each server, and the "
11902
"<emphasis>rid</emphasis> for each <emphasis>olcSyncRepl</emphasis> entry."
11903
msgstr ""
11904
11905
#: serverguide/C/network-auth.xml:542(para)
11906
msgid ""
11907
"And adjust <emphasis>credentials=secret</emphasis> to match your admin "
11908
"password."
11909
msgstr ""
11910
11911
#: serverguide/C/network-auth.xml:552(para)
11912
msgid ""
11913
"Next, add the LDIF file using the <application>ldapmodify</application> "
11914
"utility:"
11915
msgstr ""
11916
11917
#: serverguide/C/network-auth.xml:557(command)
11918
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_cn-config.ldif"
11919
msgstr ""
11920
11921
#: serverguide/C/network-auth.xml:563(para)
11922
msgid ""
11923
"Copy the <filename>syncrepl_cn-config.ldif</filename> file to the next LDAP "
11924
"server and repeat the <application>ldapmodify</application> command above."
11925
msgstr ""
11926
11927
#: serverguide/C/network-auth.xml:571(para)
11928
msgid ""
11929
"Because a new module has been added, the <application>slapd</application> "
11930
"daemon, on all replicated servers, needs to be restarted:"
11931
msgstr ""
11932
11933
#: serverguide/C/network-auth.xml:577(command) serverguide/C/network-auth.xml:779(command) serverguide/C/network-auth.xml:895(command)
7500
#: serverguide/C/network-auth.xml:600(para)
7501
msgid "<emphasis>ldap://ldap01.example.com</emphasis> and <emphasis>ldap://ldap02.example.com</emphasis> to the hostnames of your LDAP servers."
7502
msgstr ""
7503
7504
#: serverguide/C/network-auth.xml:605(para)
7505
msgid "You can have more than two LDAP servers, and when a change is made to one of them it will by synced to the rest. Be sure to increment the <emphasis>olcServerID</emphasis> for each server, and the <emphasis>rid</emphasis> for each <emphasis>olcSyncRepl</emphasis> entry."
7506
msgstr ""
7507
7508
#: serverguide/C/network-auth.xml:613(para)
7509
msgid "And adjust <emphasis>credentials=secret</emphasis> to match your admin password."
7510
msgstr ""
7511
7512
#: serverguide/C/network-auth.xml:623(para)
7513
msgid "Next, add the LDIF file using the <application>ldapmodify</application> utility:"
7514
msgstr ""
7515
7516
#: serverguide/C/network-auth.xml:628(command)
7517
msgid "sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f syncrepl_cn-config.ldif"
7518
msgstr ""
7519
7520
#: serverguide/C/network-auth.xml:633(para)
7521
msgid "On the second LDAP server, <emphasis>ldap02.example.com</emphasis> in this case, add the additional schema files:"
7522
msgstr ""
7523
7524
#: serverguide/C/network-auth.xml:643(para)
7525
msgid "Also, load the <emphasis>cn=module</emphasis> object. Create a <filename>module.ldif</filename> with the following contents:"
7526
msgstr ""
7527
7528
#: serverguide/C/network-auth.xml:648(programlisting)
7529
#, no-wrap
7530
msgid "\n# Load dynamic backend modules\ndn: cn=module,cn=config\nobjectClass: olcModuleList\ncn: module\nolcModulepath: /usr/lib/ldap\nolcModuleload: back_hdb\n"
7531
msgstr ""
7532
7533
#: serverguide/C/network-auth.xml:657(para)
7534
msgid "And add the LDIF by entering:"
7535
msgstr ""
7536
7537
#: serverguide/C/network-auth.xml:662(command)
7538
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f module.ldif"
7539
msgstr ""
7540
7541
#: serverguide/C/network-auth.xml:668(para)
7542
msgid "Now copy the <filename>syncrepl_cn-config.ldif</filename> file to the next LDAP server and add it to the directory:"
7543
msgstr ""
7544
7545
#: serverguide/C/network-auth.xml:673(command)
7546
msgid "sudo ldapadd -Y EXTERNAL -H ldapi:/// -f syncrepl_cn-config.ldif"
7547
msgstr ""
7548
7549
#: serverguide/C/network-auth.xml:679(para)
7550
msgid "Because a new module has been added, the <application>slapd</application> daemon, on all replicated servers, needs to be restarted:"
7551
msgstr ""
7552
7553
#: serverguide/C/network-auth.xml:685(command) serverguide/C/network-auth.xml:909(command) serverguide/C/network-auth.xml:1025(command)
11934
7554
msgid "sudo /etc/init.d/slapd restart"
11935
7555
msgstr ""
11936
7556
11937
#: serverguide/C/network-auth.xml:583(para)
11938
msgid ""
11939
"Now that the configuration database is synced between servers, the "
11940
"<emphasis>backend</emphasis> database needs to be synced as well. Copy and "
11941
"paste the following into another LDIF file named "
11942
"<filename>syncrepl_backend.ldif</filename>:"
11943
msgstr ""
11944
11945
#: serverguide/C/network-auth.xml:589(programlisting)
11946
#, no-wrap
11947
msgid ""
11948
"\n"
11949
"dn: olcDatabase={1}hdb,cn=config\n"
11950
"changetype: modify\n"
11951
"add: olcRootDN\n"
11952
"olcRootDN: cn=admin,dc=example,dc=com\n"
11953
"-\n"
11954
"add: olcSyncRepl\n"
11955
"olcSyncRepl: rid=003 provider=ldap://ldap01.example.com "
11956
"binddn=\"cn=admin,dc=example,dc=com\" \n"
11957
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11958
"type=refreshOnly \n"
11959
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
11960
"olcSyncRepl: rid=004 provider=ldap://ldap02.example.com "
11961
"binddn=\"cn=admin,dc=example,dc=com\" \n"
11962
" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
11963
"type=refreshOnly \n"
11964
" interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n"
11965
"-\n"
11966
"add: olcMirrorMode\n"
11967
"olcMirrorMode: TRUE\n"
11968
"\n"
11969
"dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\n"
11970
"changetype: add\n"
11971
"objectClass: olcOverlayConfig\n"
11972
"objectClass: olcSyncProvConfig\n"
11973
"olcOverlay: syncprov\n"
11974
msgstr ""
11975
11976
#: serverguide/C/network-auth.xml:616(para)
7557
#: serverguide/C/network-auth.xml:691(para)
7558
msgid "To Test that the <emphasis>cn=config</emphasis> directory is being synced add another index to the frontend directory:"
7559
msgstr ""
7560
7561
#: serverguide/C/network-auth.xml:704(userinput)
7562
#, no-wrap
7563
msgid "dn: olcDatabase={1}hdb,cn=config\nadd: olcDbIndex\nolcDbIndex: cn eq,pres,sub"
7564
msgstr ""
7565
7566
#: serverguide/C/network-auth.xml:716(para)
7567
msgid "Now that the configuration directory is synced between servers, the <emphasis>frontend</emphasis> database needs to be synced as well. Copy and paste the following into another LDIF file named <filename>syncrepl_frontend.ldif</filename>:"
7568
msgstr ""
7569
7570
#: serverguide/C/network-auth.xml:722(programlisting)
7571
#, no-wrap
7572
msgid "\ndn: olcDatabase={1}hdb,cn=config\nchangetype: modify\nadd: olcSyncRepl\nolcSyncRepl: rid=003 provider=ldap://ldap01.example.com binddn=\"cn=admin,dc=example,dc=com\" \n bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" type=refreshOnly \n interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\nolcSyncRepl: rid=004 provider=ldap://ldap02.example.com binddn=\"cn=admin,dc=example,dc=com\" \n bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" type=refreshOnly \n interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1\n-\nadd: olcMirrorMode\nolcMirrorMode: TRUE\n\ndn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config\nchangetype: add\nobjectClass: olcOverlayConfig\nobjectClass: olcSyncProvConfig\nolcOverlay: syncprov\n"
7573
msgstr ""
7574
7575
#: serverguide/C/network-auth.xml:746(para)
11977
7576
msgid "Like the previous LDIF file, edit this one changing:"
11978
7577
msgstr ""
11979
7578
11980
#: serverguide/C/network-auth.xml:622(para)
11981
msgid ""
11982
"<emphasis>searchbase=\"dc=example,dc=com\"</emphasis> to your directory's "
11983
"searchbase."
11984
msgstr ""
11985
11986
#: serverguide/C/network-auth.xml:627(para)
11987
msgid ""
11988
"If you use a different admin user, change "
11989
"<emphasis>binddn=\"cn=admin,dc=example,dc=com\"</emphasis>."
11990
msgstr ""
11991
11992
#: serverguide/C/network-auth.xml:632(para)
11993
msgid ""
11994
"Also, replace <emphasis>credentials=secret</emphasis> with your admin "
11995
"password."
11996
msgstr ""
11997
11998
#: serverguide/C/network-auth.xml:641(para)
7579
#: serverguide/C/network-auth.xml:752(para)
7580
msgid "<emphasis>searchbase=\"dc=example,dc=com\"</emphasis> to your directory's searchbase."
7581
msgstr ""
7582
7583
#: serverguide/C/network-auth.xml:757(para)
7584
msgid "If you use a different admin user, change <emphasis>binddn=\"cn=admin,dc=example,dc=com\"</emphasis>."
7585
msgstr ""
7586
7587
#: serverguide/C/network-auth.xml:762(para)
7588
msgid "Also, replace <emphasis>credentials=secret</emphasis> with your admin password."
7589
msgstr ""
7590
7591
#: serverguide/C/network-auth.xml:771(para)
11999
7592
msgid "Add the LDIF file:"
12000
7593
msgstr ""
12001
7594
12002
#: serverguide/C/network-auth.xml:646(command)
12003
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_backend.ldif"
12004
msgstr ""
12005
12006
#: serverguide/C/network-auth.xml:649(para)
12007
msgid ""
12008
"Because the servers' configuration is already synced there is no need to "
12009
"copy this LDIF file to the other servers."
12010
msgstr ""
12011
12012
#: serverguide/C/network-auth.xml:657(para)
12013
msgid ""
12014
"The configuration and backend databases should now sycnc to the other "
12015
"servers. You can add additional servers using the "
12016
"<application>ldapmodify</application> utility as the need arises. See <xref "
12017
"linkend=\"openldap-configuration\"/> for details."
12018
msgstr ""
12019
12020
#: serverguide/C/network-auth.xml:667(programlisting)
7595
#: serverguide/C/network-auth.xml:776(command)
7596
msgid "ldapmodify -x -D cn=admin,cn=config -W -f syncrepl_frontend.ldif"
7597
msgstr ""
7598
7599
#: serverguide/C/network-auth.xml:779(para)
7600
msgid "Because the servers' configuration is already synced there is no need to copy this LDIF file to the other servers."
7601
msgstr ""
7602
7603
#: serverguide/C/network-auth.xml:787(para)
7604
msgid "The configuration and backend databases should now sycnc to the other servers. You can add additional servers using the <application>ldapmodify</application> utility as the need arises. See <xref linkend=\"openldap-configuration\"/> for details."
7605
msgstr ""
7606
7607
#: serverguide/C/network-auth.xml:797(programlisting)
12021
7608
#, no-wrap
12022
7609
msgid "127.0.0.1\tldap01.example.com ldap01"
12023
7610
msgstr ""
12024
7611
12025
#: serverguide/C/network-auth.xml:663(para)
12026
msgid ""
12027
"The <application>slapd</application> daemon will send log information to "
12028
"<filename>/var/log/syslog</filename> by default. So if all does "
12029
"<emphasis>not</emphasis> go well check there for errors and other "
12030
"troubleshooting information. Also, be sure that each server knows it's Fully "
12031
"Qualified Domain Name (FQDN). This is configured in "
12032
"<filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
7612
#: serverguide/C/network-auth.xml:793(para)
7613
msgid "The <application>slapd</application> daemon will send log information to <filename>/var/log/syslog</filename> by default. So if all does <emphasis>not</emphasis> go well check there for errors and other troubleshooting information. Also, be sure that each server knows it's Fully Qualified Domain Name (FQDN). This is configured in <filename>/etc/hosts</filename> with a line similar to: <placeholder-1/>."
12033
7614
msgstr ""
12034
7615
12035
#: serverguide/C/network-auth.xml:674(title)
7616
#: serverguide/C/network-auth.xml:804(title)
12036
7617
msgid "Setting up ACL"
12037
7618
msgstr ""
12038
7619
12039
#: serverguide/C/network-auth.xml:676(para)
12040
msgid ""
12041
"Authentication requires access to the password field, that should be not "
12042
"accessible by default. Also, in order for users to change their own "
12043
"password, using <command>passwd</command> or other utilities, "
12044
"<emphasis>shadowLastChange</emphasis> needs to be accessible once a user has "
12045
"authenticated."
12046
msgstr ""
12047
12048
#: serverguide/C/network-auth.xml:683(para)
12049
msgid ""
12050
"To view the Access Control List (ACL), use the "
12051
"<application>ldapsearch</application> utility:"
12052
msgstr ""
12053
12054
#: serverguide/C/network-auth.xml:688(command)
12055
msgid ""
12056
"ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase=hdb "
12057
"olcAccess"
12058
msgstr ""
12059
12060
#: serverguide/C/network-auth.xml:692(computeroutput)
7620
#: serverguide/C/network-auth.xml:806(para)
7621
msgid "Authentication requires access to the password field, that should be not accessible by default. Also, in order for users to change their own password, using <command>passwd</command> or other utilities, <emphasis>shadowLastChange</emphasis> needs to be accessible once a user has authenticated."
7622
msgstr ""
7623
7624
#: serverguide/C/network-auth.xml:813(para)
7625
msgid "To view the Access Control List (ACL), use the <application>ldapsearch</application> utility:"
7626
msgstr ""
7627
7628
#: serverguide/C/network-auth.xml:818(command)
7629
msgid "ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase=hdb olcAccess"
7630
msgstr ""
7631
7632
#: serverguide/C/network-auth.xml:822(computeroutput)
12061
7633
#, no-wrap
12062
msgid ""
12063
"Enter LDAP Password: \n"
12064
"dn: olcDatabase={1}hdb,cn=config\n"
12065
"olcAccess: {0}to attrs=userPassword,shadowLastChange by "
12066
"dn=\"cn=admin,dc=exampl\n"
12067
" e,dc=com\" write by anonymous auth by self write by * none\n"
12068
"olcAccess: {1}to dn.base=\"\" by * read\n"
12069
"olcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
7634
msgid "Enter LDAP Password: \ndn: olcDatabase={1}hdb,cn=config\nolcAccess: {0}to attrs=userPassword,shadowLastChange by dn=\"cn=admin,dc=exampl\n e,dc=com\" write by anonymous auth by self write by * none\nolcAccess: {1}to dn.base=\"\" by * read\nolcAccess: {2}to * by dn=\"cn=admin,dc=example,dc=com\" write by * read\n"
12070
7635
msgstr ""
12071
7636
12072
#: serverguide/C/network-auth.xml:704(title)
7637
#: serverguide/C/network-auth.xml:834(title)
12073
7638
msgid "TLS and SSL"
12074
7639
msgstr ""
12075
7640
12076
#: serverguide/C/network-auth.xml:706(para)
12077
msgid ""
12078
"When authenticating to an OpenLDAP server it is best to do so using an "
12079
"encrypted session. This can be accomplished using Transport Layer Security "
12080
"(TLS) and/or Secure Sockets Layer (SSL)."
12081
msgstr ""
12082
12083
#: serverguide/C/network-auth.xml:711(para)
12084
msgid ""
12085
"The first step in the process is to obtain or create a "
12086
"<emphasis>certificate</emphasis>. See <xref linkend=\"certificates-and-"
12087
"security\"/> and <xref linkend=\"certificate-authority\"/> for details."
12088
msgstr ""
12089
12090
#: serverguide/C/network-auth.xml:716(para)
12091
msgid ""
12092
"Once you have a certificate, key, and CA cert installed, use "
12093
"<application>ldapmodify</application> to add the new configuration options:"
12094
msgstr ""
12095
12096
#: serverguide/C/network-auth.xml:727(userinput)
12097
#, no-wrap
12098
msgid ""
12099
"dn: cn=config\n"
12100
"add: olcTLSCACertificateFile\n"
12101
"olcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n"
12102
"-\n"
12103
"add: olcTLSCertificateFile\n"
12104
"olcTLSCertificateFile: /etc/ssl/certs/server.crt\n"
12105
"-\n"
12106
"add: olcTLSCertificateKeyFile\n"
12107
"olcTLSCertificateKeyFile: /etc/ssl/private/server.key"
12108
msgstr ""
12109
12110
#: serverguide/C/network-auth.xml:726(computeroutput)
12111
#, no-wrap
12112
msgid ""
12113
"Enter LDAP Password:\n"
12114
"<placeholder-1/>\n"
12115
"\n"
12116
"modifying entry \"cn=config\"\n"
12117
msgstr ""
12118
12119
#: serverguide/C/network-auth.xml:742(para)
12120
msgid ""
12121
"Adjust the <filename>server.crt</filename>, <filename>server.key</filename>, "
12122
"and <filename>cacert.pem</filename> names if yours are different. If you "
12123
"have a self-signed certificate, do <emphasis>NOT</emphasis> add the "
12124
"olcTLSCACertificateFile property, as it will cause GnuTLS to fail.."
12125
msgstr ""
12126
12127
#: serverguide/C/network-auth.xml:749(para)
12128
msgid ""
12129
"Next, edit <filename>/etc/default/slapd</filename> uncomment the "
12130
"<emphasis>SLAPD_SERVICES</emphasis> option:"
12131
msgstr ""
12132
12133
#: serverguide/C/network-auth.xml:753(programlisting)
12134
#, no-wrap
12135
msgid ""
12136
"\n"
12137
"SLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
12138
msgstr ""
12139
12140
#: serverguide/C/network-auth.xml:757(para)
12141
msgid ""
12142
"Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
12143
msgstr ""
12144
12145
#: serverguide/C/network-auth.xml:762(command)
7641
#: serverguide/C/network-auth.xml:836(para)
7642
msgid "When authenticating to an OpenLDAP server it is best to do so using an encrypted session. This can be accomplished using Transport Layer Security (TLS) and/or Secure Sockets Layer (SSL)."
7643
msgstr ""
7644
7645
#: serverguide/C/network-auth.xml:841(para)
7646
msgid "The first step in the process is to obtain or create a <emphasis>certificate</emphasis>. See <xref linkend=\"certificates-and-security\"/> and <xref linkend=\"certificate-authority\"/> for details."
7647
msgstr ""
7648
7649
#: serverguide/C/network-auth.xml:846(para)
7650
msgid "Once you have a certificate, key, and CA cert installed, use <application>ldapmodify</application> to add the new configuration options:"
7651
msgstr ""
7652
7653
#: serverguide/C/network-auth.xml:852(command) serverguide/C/network-auth.xml:968(command) serverguide/C/network-auth.xml:991(command) serverguide/C/network-auth.xml:2547(command) serverguide/C/network-auth.xml:2564(command)
7654
msgid "ldapmodify -x -D cn=admin,cn=config -W"
7655
msgstr ""
7656
7657
#: serverguide/C/network-auth.xml:857(userinput)
7658
#, no-wrap
7659
msgid "dn: cn=config\nadd: olcTLSCACertificateFile\nolcTLSCACertificateFile: /etc/ssl/certs/cacert.pem\n-\nadd: olcTLSCertificateFile\nolcTLSCertificateFile: /etc/ssl/certs/server.crt\n-\nadd: olcTLSCertificateKeyFile\nolcTLSCertificateKeyFile: /etc/ssl/private/server.key"
7660
msgstr ""
7661
7662
#: serverguide/C/network-auth.xml:856(computeroutput)
7663
#, no-wrap
7664
msgid "Enter LDAP Password:\n<placeholder-1/>\n\nmodifying entry \"cn=config\"\n"
7665
msgstr ""
7666
7667
#: serverguide/C/network-auth.xml:872(para)
7668
msgid "Adjust the <filename>server.crt</filename>, <filename>server.key</filename>, and <filename>cacert.pem</filename> names if yours are different. If you have a self-signed certificate, do <emphasis>NOT</emphasis> add the olcTLSCACertificateFile property, as it will cause GnuTLS to fail.."
7669
msgstr ""
7670
7671
#: serverguide/C/network-auth.xml:879(para)
7672
msgid "Next, edit <filename>/etc/default/slapd</filename> uncomment the <emphasis>SLAPD_SERVICES</emphasis> option:"
7673
msgstr ""
7674
7675
#: serverguide/C/network-auth.xml:883(programlisting)
7676
#, no-wrap
7677
msgid "\nSLAPD_SERVICES=\"ldap:/// ldapi:/// ldaps:///\"\n"
7678
msgstr ""
7679
7680
#: serverguide/C/network-auth.xml:887(para)
7681
msgid "Now the <emphasis>openldap</emphasis> user needs access to the certificate:"
7682
msgstr ""
7683
7684
#: serverguide/C/network-auth.xml:892(command)
12146
7685
msgid "sudo adduser openldap ssl-cert"
12147
7686
msgstr ""
12148
7687
12149
#: serverguide/C/network-auth.xml:763(command)
7688
#: serverguide/C/network-auth.xml:893(command)
12150
7689
msgid "sudo chgrp ssl-cert /etc/ssl/private/server.key"
12151
7690
msgstr ""
12152
7691
12153
#: serverguide/C/network-auth.xml:764(command)
7692
#: serverguide/C/network-auth.xml:894(command)
12154
7693
msgid "sudo chmod g+r /etc/ssl/private/server.key"
12155
7694
msgstr ""
12156
7695
12157
#: serverguide/C/network-auth.xml:768(para)
12158
msgid ""
12159
"If the <filename role=\"directory\">/etc/ssl/private</filename> and "
12160
"<filename>/etc/ssl/private/server.key</filename> have different permissions, "
12161
"adjust the commands appropriately."
7696
#: serverguide/C/network-auth.xml:898(para)
7697
msgid "If the <filename role=\"directory\">/etc/ssl/private</filename> and <filename>/etc/ssl/private/server.key</filename> have different permissions, adjust the commands appropriately."
12162
7698
msgstr ""
12163
7699
12164
#: serverguide/C/network-auth.xml:774(para)
7700
#: serverguide/C/network-auth.xml:904(para)
12165
7701
msgid "Finally, restart <application>slapd</application>:"
12166
7702
msgstr ""
12167
7703
12168
#: serverguide/C/network-auth.xml:782(para)
12169
msgid ""
12170
"The <application>slapd</application> daemon should now be listening for "
12171
"LDAPS connections and be able to use STARTTLS during authentication."
12172
msgstr ""
12173
12174
#: serverguide/C/network-auth.xml:788(para)
12175
msgid ""
12176
"If you run into troubles with the server not starting, check the "
12177
"/var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, "
12178
"it is likely there is a configuration problem. Check that the certificate is "
12179
"signed by the authority from in the files configured, and that the ssl-cert "
12180
"group has read permissions on the private key."
12181
msgstr ""
12182
12183
#: serverguide/C/network-auth.xml:800(title)
7704
#: serverguide/C/network-auth.xml:912(para)
7705
msgid "The <application>slapd</application> daemon should now be listening for LDAPS connections and be able to use STARTTLS during authentication."
7706
msgstr ""
7707
7708
#: serverguide/C/network-auth.xml:918(para)
7709
msgid "If you run into troubles with the server not starting, check the /var/log/syslog. If you see errors like main: TLS init def ctx failed: -1, it is likely there is a configuration problem. Check that the certificate is signed by the authority from in the files configured, and that the ssl-cert group has read permissions on the private key."
7710
msgstr ""
7711
7712
#: serverguide/C/network-auth.xml:930(title)
12184
7713
msgid "TLS Replication"
12185
7714
msgstr ""
12186
7715
12187
#: serverguide/C/network-auth.xml:802(para)
12188
msgid ""
12189
"If you have setup <application>Syncrepl</application> between servers, it is "
12190
"prudent to encrypt the replication traffic using <emphasis>Transport Layer "
12191
"Security (TLS)</emphasis>. For details on setting up replication see <xref "
12192
"linkend=\"openldap-server-replication\"/>."
12193
msgstr ""
12194
12195
#: serverguide/C/network-auth.xml:808(para)
12196
msgid ""
12197
"After setting up replication, and following the instructions in <xref "
12198
"linkend=\"openldap-tls\"/>, there are a couple of consequences that should "
12199
"be kept in mind:"
12200
msgstr ""
12201
12202
#: serverguide/C/network-auth.xml:815(para)
12203
msgid ""
12204
"The configuration only needs to be modified on <emphasis>one</emphasis> "
12205
"server."
12206
msgstr ""
12207
12208
#: serverguide/C/network-auth.xml:820(para)
12209
msgid ""
12210
"The path names for the <emphasis>certificate</emphasis> and "
12211
"<emphasis>key</emphasis> must be the same on all servers."
12212
msgstr ""
12213
12214
#: serverguide/C/network-auth.xml:827(para)
12215
msgid ""
12216
"So on each replicated server: install a certificate, edit "
12217
"<filename>/etc/default/slapd</filename>, and restart "
12218
"<application>slapd</application>."
12219
msgstr ""
12220
12221
#: serverguide/C/network-auth.xml:832(para)
12222
msgid ""
12223
"Once <emphasis>TLS</emphasis> has been setup on each server, modify the "
12224
"<emphasis>cn=config</emphasis> replication by entering the following in a "
12225
"terminal:"
12226
msgstr ""
12227
12228
#: serverguide/C/network-auth.xml:843(userinput)
12229
#, no-wrap
12230
msgid ""
12231
"dn: olcDatabase={0}config,cn=config\n"
12232
"replace: olcSyncrepl\n"
12233
"olcSyncrepl: {0}rid=001 provider=ldap://ldap01.example.com "
12234
"binddn=\"cn=admin,cn\n"
12235
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
12236
"type=refre\n"
12237
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
12238
"olcSyncrepl: {1}rid=002 provider=ldap://ldap02.example.com "
12239
"binddn=\"cn=admin,cn\n"
12240
" =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" "
12241
"type=refre\n"
12242
" shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes"
12243
msgstr ""
12244
12245
#: serverguide/C/network-auth.xml:842(computeroutput)
12246
#, no-wrap
12247
msgid ""
12248
"Enter LDAP Password: \n"
12249
"<placeholder-1/>\n"
12250
"\n"
12251
"modifying entry \"olcDatabase={0}config,cn=config\"\n"
12252
msgstr ""
12253
12254
#: serverguide/C/network-auth.xml:856(para)
7716
#: serverguide/C/network-auth.xml:932(para)
7717
msgid "If you have setup <application>Syncrepl</application> between servers, it is prudent to encrypt the replication traffic using <emphasis>Transport Layer Security (TLS)</emphasis>. For details on setting up replication see <xref linkend=\"openldap-server-replication\"/>."
7718
msgstr ""
7719
7720
#: serverguide/C/network-auth.xml:938(para)
7721
msgid "After setting up replication, and following the instructions in <xref linkend=\"openldap-tls\"/>, there are a couple of consequences that should be kept in mind:"
7722
msgstr ""
7723
7724
#: serverguide/C/network-auth.xml:945(para)
7725
msgid "The configuration only needs to be modified on <emphasis>one</emphasis> server."
7726
msgstr ""
7727
7728
#: serverguide/C/network-auth.xml:950(para)
7729
msgid "The path names for the <emphasis>certificate</emphasis> and <emphasis>key</emphasis> must be the same on all servers."
7730
msgstr ""
7731
7732
#: serverguide/C/network-auth.xml:957(para)
7733
msgid "So on each replicated server: install a certificate, edit <filename>/etc/default/slapd</filename>, and restart <application>slapd</application>."
7734
msgstr ""
7735
7736
#: serverguide/C/network-auth.xml:962(para)
7737
msgid "Once <emphasis>TLS</emphasis> has been setup on each server, modify the <emphasis>cn=config</emphasis> replication by entering the following in a terminal:"
7738
msgstr ""
7739
7740
#: serverguide/C/network-auth.xml:973(userinput)
7741
#, no-wrap
7742
msgid "dn: olcDatabase={0}config,cn=config\nreplace: olcSyncrepl\nolcSyncrepl: {0}rid=001 provider=ldap://ldap01.example.com binddn=\"cn=admin,cn\n =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" type=refre\n shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes\nolcSyncrepl: {1}rid=002 provider=ldap://ldap02.example.com binddn=\"cn=admin,cn\n =config\" bindmethod=simple credentials=secret searchbase=\"cn=config\" type=refre\n shAndPersist retry=\"5 5 300 5\" timeout=1 starttls=yes"
7743
msgstr ""
7744
7745
#: serverguide/C/network-auth.xml:972(computeroutput)
7746
#, no-wrap
7747
msgid "Enter LDAP Password: \n<placeholder-1/>\n\nmodifying entry \"olcDatabase={0}config,cn=config\"\n"
7748
msgstr ""
7749
7750
#: serverguide/C/network-auth.xml:986(para)
12255
7751
msgid "Now adjust the <emphasis>backend</emphasis> database replication:"
12256
7752
msgstr ""
12257
7753
12258
#: serverguide/C/network-auth.xml:866(userinput)
12259
#, no-wrap
12260
msgid ""
12261
"dn: olcDatabase={1}hdb,cn=config\n"
12262
"replace: olcSyncrepl\n"
12263
"olcSyncrepl: {0}rid=003 provider=ldap://ldap01.example.com "
12264
"binddn=\"cn=admin,dc=example,dc=\n"
12265
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12266
"type=r\n"
12267
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes\n"
12268
"olcSyncrepl: {1}rid=004 provider=ldap://ldap02.example.com "
12269
"binddn=\"cn=admin,dc=example,dc=\n"
12270
" com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" "
12271
"type=r\n"
12272
" efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes"
12273
msgstr ""
12274
12275
#: serverguide/C/network-auth.xml:865(computeroutput) serverguide/C/network-auth.xml:2418(computeroutput)
12276
#, no-wrap
12277
msgid ""
12278
"Enter LDAP Password:\n"
12279
"<placeholder-1/>\n"
12280
"\n"
12281
"modifying entry \"olcDatabase={1}hdb,cn=config\""
12282
msgstr ""
12283
12284
#: serverguide/C/network-auth.xml:878(para)
12285
msgid ""
12286
"If the LDAP server hostname does not match the Fully Qualified Domain Name "
12287
"(FQDN) in the certificate, you may have to edit "
12288
"<filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
12289
msgstr ""
12290
12291
#: serverguide/C/network-auth.xml:883(programlisting)
12292
#, no-wrap
12293
msgid ""
12294
"\n"
12295
"TLS_CERT /etc/ssl/certs/server.crt\n"
12296
"TLS_KEY /etc/ssl/private/server.key\n"
12297
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
12298
msgstr ""
12299
12300
#: serverguide/C/network-auth.xml:890(para)
12301
msgid ""
12302
"Finally, restart <application>slapd</application> on each of the servers:"
12303
msgstr ""
12304
12305
#: serverguide/C/network-auth.xml:903(title)
7754
#: serverguide/C/network-auth.xml:996(userinput)
7755
#, no-wrap
7756
msgid "dn: olcDatabase={1}hdb,cn=config\nreplace: olcSyncrepl\nolcSyncrepl: {0}rid=003 provider=ldap://ldap01.example.com binddn=\"cn=admin,dc=example,dc=\n com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" type=r\n efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes\nolcSyncrepl: {1}rid=004 provider=ldap://ldap02.example.com binddn=\"cn=admin,dc=example,dc=\n com\" bindmethod=simple credentials=secret searchbase=\"dc=example,dc=com\" type=r\n efreshOnly interval=00:00:00:10 retry=\"5 5 300 5\" timeout=1 starttls=yes"
7757
msgstr ""
7758
7759
#: serverguide/C/network-auth.xml:995(computeroutput) serverguide/C/network-auth.xml:2548(computeroutput)
7760
#, no-wrap
7761
msgid "Enter LDAP Password:\n<placeholder-1/>\n\nmodifying entry \"olcDatabase={1}hdb,cn=config\""
7762
msgstr ""
7763
7764
#: serverguide/C/network-auth.xml:1008(para)
7765
msgid "If the LDAP server hostname does not match the Fully Qualified Domain Name (FQDN) in the certificate, you may have to edit <filename>/etc/ldap/ldap.conf</filename> and add the following TLS options:"
7766
msgstr ""
7767
7768
#: serverguide/C/network-auth.xml:1013(programlisting)
7769
#, no-wrap
7770
msgid "\nTLS_CERT /etc/ssl/certs/server.crt\nTLS_KEY /etc/ssl/private/server.key\nTLS_CACERT /etc/ssl/certs/cacert.pem\n"
7771
msgstr ""
7772
7773
#: serverguide/C/network-auth.xml:1020(para)
7774
msgid "Finally, restart <application>slapd</application> on each of the servers:"
7775
msgstr ""
7776
7777
#: serverguide/C/network-auth.xml:1033(title)
12306
7778
msgid "LDAP Authentication"
12307
7779
msgstr ""
12308
7780
12309
#: serverguide/C/network-auth.xml:905(para)
12310
msgid ""
12311
"Once you have a working LDAP server, the <application>auth-client-"
12312
"config</application> and <application>libnss-ldap</application> packages "
12313
"take the pain out of configuring an Ubuntu client to authenticate using "
12314
"LDAP. To install the packages from, a terminal prompt enter:"
7781
#: serverguide/C/network-auth.xml:1035(para)
7782
msgid "Once you have a working LDAP server, the <application>auth-client-config</application> and <application>libnss-ldap</application> packages take the pain out of configuring an Ubuntu client to authenticate using LDAP. To install the packages from, a terminal prompt enter:"
12315
7783
msgstr ""
12316
7784
12317
#: serverguide/C/network-auth.xml:912(command)
7785
#: serverguide/C/network-auth.xml:1042(command)
12318
7786
msgid "sudo apt-get install libnss-ldap"
12319
7787
msgstr ""
12320
7788
12321
#: serverguide/C/network-auth.xml:915(para)
12322
msgid ""
12323
"During the install a menu dialog will ask you connection details about your "
12324
"LDAP server."
12325
msgstr ""
12326
12327
#: serverguide/C/network-auth.xml:919(para)
12328
msgid ""
12329
"If you make a mistake when entering your information you can execute the "
12330
"dialog again using:"
12331
msgstr ""
12332
12333
#: serverguide/C/network-auth.xml:924(command)
7789
#: serverguide/C/network-auth.xml:1045(para)
7790
msgid "During the install a menu dialog will ask you connection details about your LDAP server."
7791
msgstr ""
7792
7793
#: serverguide/C/network-auth.xml:1049(para)
7794
msgid "If you make a mistake when entering your information you can execute the dialog again using:"
7795
msgstr ""
7796
7797
#: serverguide/C/network-auth.xml:1054(command)
12334
7798
msgid "sudo dpkg-reconfigure ldap-auth-config"
12335
7799
msgstr ""
12336
7800
12337
#: serverguide/C/network-auth.xml:927(para)
12338
msgid ""
12339
"The results of the dialog can be seen in "
12340
"<filename>/etc/ldap.conf</filename>. If your server requires options not "
12341
"covered in the menu edit this file accordingly."
12342
msgstr ""
12343
12344
#: serverguide/C/network-auth.xml:932(para)
12345
msgid ""
12346
"Now that <application>libnss-ldap</application> is configured enable the "
12347
"<application>auth-client-config</application> LDAP profile by entering:"
12348
msgstr ""
12349
12350
#: serverguide/C/network-auth.xml:938(command)
7801
#: serverguide/C/network-auth.xml:1057(para)
7802
msgid "The results of the dialog can be seen in <filename>/etc/ldap.conf</filename>. If your server requires options not covered in the menu edit this file accordingly."
7803
msgstr ""
7804
7805
#: serverguide/C/network-auth.xml:1062(para)
7806
msgid "Now that <application>libnss-ldap</application> is configured enable the <application>auth-client-config</application> LDAP profile by entering:"
7807
msgstr ""
7808
7809
#: serverguide/C/network-auth.xml:1068(command)
12351
7810
msgid "sudo auth-client-config -t nss -p lac_ldap"
12352
7811
msgstr ""
12353
7812
12354
#: serverguide/C/network-auth.xml:943(para)
12355
msgid ""
12356
"<emphasis>-t:</emphasis> only modifies "
12357
"<filename>/etc/nsswitch.conf</filename>."
7813
#: serverguide/C/network-auth.xml:1073(para)
7814
msgid "<emphasis>-t:</emphasis> only modifies <filename>/etc/nsswitch.conf</filename>."
12358
7815
msgstr ""
12359
7816
12360
#: serverguide/C/network-auth.xml:948(para)
7817
#: serverguide/C/network-auth.xml:1078(para)
12361
7818
msgid "<emphasis>-p:</emphasis> name of the profile to enable, disable, etc."
12362
7819
msgstr ""
12363
7820
12364
#: serverguide/C/network-auth.xml:953(para)
12365
msgid ""
12366
"<emphasis>lac_ldap:</emphasis> the <application>auth-client-"
12367
"config</application> profile that is part of the <application>ldap-auth-"
12368
"config</application> package."
12369
msgstr ""
12370
12371
#: serverguide/C/network-auth.xml:960(para)
12372
msgid ""
12373
"Using the <application>pam-auth-update</application> utility, configure the "
12374
"system to use LDAP for authentication:"
12375
msgstr ""
12376
12377
#: serverguide/C/network-auth.xml:965(command)
7821
#: serverguide/C/network-auth.xml:1083(para)
7822
msgid "<emphasis>lac_ldap:</emphasis> the <application>auth-client-config</application> profile that is part of the <application>ldap-auth-config</application> package."
7823
msgstr ""
7824
7825
#: serverguide/C/network-auth.xml:1090(para)
7826
msgid "Using the <application>pam-auth-update</application> utility, configure the system to use LDAP for authentication:"
7827
msgstr ""
7828
7829
#: serverguide/C/network-auth.xml:1095(command)
12378
7830
msgid "sudo pam-auth-update"
12379
7831
msgstr ""
12380
7832
12381
#: serverguide/C/network-auth.xml:968(para)
12382
msgid ""
12383
"From the <application>pam-auth-update</application> menu, choose LDAP and "
12384
"any other authentication mechanisms you need."
12385
msgstr ""
12386
12387
#: serverguide/C/network-auth.xml:972(para)
12388
msgid ""
12389
"You should now be able to login using user credentials stored in the LDAP "
12390
"directory."
12391
msgstr ""
12392
12393
#: serverguide/C/network-auth.xml:977(para)
12394
msgid ""
12395
"If you are going to use LDAP to store Samba users you will need to configure "
12396
"the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> "
12397
"for details."
12398
msgstr ""
12399
12400
#: serverguide/C/network-auth.xml:985(title)
7833
#: serverguide/C/network-auth.xml:1098(para)
7834
msgid "From the <application>pam-auth-update</application> menu, choose LDAP and any other authentication mechanisms you need."
7835
msgstr ""
7836
7837
#: serverguide/C/network-auth.xml:1102(para)
7838
msgid "You should now be able to login using user credentials stored in the LDAP directory."
7839
msgstr ""
7840
7841
#: serverguide/C/network-auth.xml:1107(para)
7842
msgid "If you are going to use LDAP to store Samba users you will need to configure the server to authenticate using LDAP. See <xref linkend=\"samba-ldap\"/> for details."
7843
msgstr ""
7844
7845
#: serverguide/C/network-auth.xml:1115(title)
12401
7846
msgid "User and Group Management"
12402
7847
msgstr ""
12403
7848
12404
#: serverguide/C/network-auth.xml:987(para)
12405
msgid ""
12406
"The <application>ldap-utils</application> package comes with multiple "
12407
"utilities to manage the directory, but the long string of options needed, "
12408
"can make them a burden to use. The <application>ldapscripts</application> "
12409
"package contains configurable scripts to easily manage LDAP users and groups."
7849
#: serverguide/C/network-auth.xml:1117(para)
7850
msgid "The <application>ldap-utils</application> package comes with multiple utilities to manage the directory, but the long string of options needed, can make them a burden to use. The <application>ldapscripts</application> package contains configurable scripts to easily manage LDAP users and groups."
12410
7851
msgstr ""
12411
7852
12412
#: serverguide/C/network-auth.xml:993(para)
7853
#: serverguide/C/network-auth.xml:1123(para)
12413
7854
msgid "To install the package, from a terminal enter:"
12414
7855
msgstr ""
12415
7856
12416
#: serverguide/C/network-auth.xml:998(command)
7857
#: serverguide/C/network-auth.xml:1128(command)
12417
7858
msgid "sudo apt-get install ldapscripts"
12418
7859
msgstr ""
12419
7860
12420
#: serverguide/C/network-auth.xml:1001(para)
12421
msgid ""
12422
"Next, edit the config file "
12423
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and "
12424
"changing the following to match your environment:"
7861
#: serverguide/C/network-auth.xml:1131(para)
7862
msgid "Next, edit the config file <filename>/etc/ldapscripts/ldapscripts.conf</filename> uncommenting and changing the following to match your environment:"
12425
7863
msgstr ""
12426
7864
12427
#: serverguide/C/network-auth.xml:1006(programlisting)
7865
#: serverguide/C/network-auth.xml:1136(programlisting)
12428
7866
#, no-wrap
12429
msgid ""
12430
"\n"
12431
"SERVER=localhost\n"
12432
"BINDDN='cn=admin,dc=example,dc=com'\n"
12433
"BINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\n"
12434
"SUFFIX='dc=example,dc=com'\n"
12435
"GSUFFIX='ou=Groups'\n"
12436
"USUFFIX='ou=People'\n"
12437
"MSUFFIX='ou=Computers'\n"
12438
"GIDSTART=10000\n"
12439
"UIDSTART=10000\n"
12440
"MIDSTART=10000\n"
12441
msgstr ""
12442
12443
#: serverguide/C/network-auth.xml:1019(para)
12444
msgid ""
12445
"Now, create the <filename>ldapscripts.passwd</filename> file to allow "
12446
"authenticated access to the directory:"
12447
msgstr ""
12448
12449
#: serverguide/C/network-auth.xml:1024(command)
12450
msgid ""
12451
"sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
12452
msgstr ""
12453
12454
#: serverguide/C/network-auth.xml:1025(command)
7867
msgid "\nSERVER=localhost\nBINDDN='cn=admin,dc=example,dc=com'\nBINDPWDFILE=\"/etc/ldapscripts/ldapscripts.passwd\"\nSUFFIX='dc=example,dc=com'\nGSUFFIX='ou=Groups'\nUSUFFIX='ou=People'\nMSUFFIX='ou=Computers'\nGIDSTART=10000\nUIDSTART=10000\nMIDSTART=10000\n"
7868
msgstr ""
7869
7870
#: serverguide/C/network-auth.xml:1149(para)
7871
msgid "Now, create the <filename>ldapscripts.passwd</filename> file to allow authenticated access to the directory:"
7872
msgstr ""
7873
7874
#: serverguide/C/network-auth.xml:1154(command)
7875
msgid "sudo sh -c \"echo -n 'secret' > /etc/ldapscripts/ldapscripts.passwd\""
7876
msgstr ""
7877
7878
#: serverguide/C/network-auth.xml:1155(command)
12455
7879
msgid "sudo chmod 400 /etc/ldapscripts/ldapscripts.passwd"
12456
7880
msgstr ""
12457
7881
12458
#: serverguide/C/network-auth.xml:1029(para)
12459
msgid ""
12460
"Replace <quote>secret</quote> with the actual password for your LDAP admin "
12461
"user."
12462
msgstr ""
12463
12464
#: serverguide/C/network-auth.xml:1034(para)
12465
msgid ""
12466
"The <application>ldapscripts</application> are now ready to help manage your "
12467
"directory. The following are some examples of how to use the scripts:"
12468
msgstr ""
12469
12470
#: serverguide/C/network-auth.xml:1041(para)
7882
#: serverguide/C/network-auth.xml:1159(para)
7883
msgid "Replace <quote>secret</quote> with the actual password for your LDAP admin user."
7884
msgstr ""
7885
7886
#: serverguide/C/network-auth.xml:1164(para)
7887
msgid "The <application>ldapscripts</application> are now ready to help manage your directory. The following are some examples of how to use the scripts:"
7888
msgstr ""
7889
7890
#: serverguide/C/network-auth.xml:1171(para)
12471
7891
msgid "Create a new user:"
12472
7892
msgstr ""
12473
7893
12474
#: serverguide/C/network-auth.xml:1045(command)
7894
#: serverguide/C/network-auth.xml:1175(command)
12475
7895
msgid "sudo ldapadduser george example"
12476
7896
msgstr ""
12477
7897
12478
#: serverguide/C/network-auth.xml:1047(para)
12479
msgid ""
12480
"This will create a user with uid <emphasis role=\"italic\">george</emphasis> "
12481
"and set the user's primary group (gid) to <emphasis "
12482
"role=\"italic\">example</emphasis>"
7898
#: serverguide/C/network-auth.xml:1177(para)
7899
msgid "This will create a user with uid <emphasis role=\"italic\">george</emphasis> and set the user's primary group (gid) to <emphasis role=\"italic\">example</emphasis>"
12483
7900
msgstr ""
12484
7901
12485
#: serverguide/C/network-auth.xml:1053(para)
7902
#: serverguide/C/network-auth.xml:1183(para)
12486
7903
msgid "Change a user's password:"
12487
7904
msgstr ""
12488
7905
12489
#: serverguide/C/network-auth.xml:1057(command)
7906
#: serverguide/C/network-auth.xml:1187(command)
12490
7907
msgid "sudo ldapsetpasswd george"
12491
7908
msgstr ""
12492
7909
12493
#: serverguide/C/network-auth.xml:1058(computeroutput)
7910
#: serverguide/C/network-auth.xml:1188(computeroutput)
12494
7911
#, no-wrap
12495
7912
msgid "Changing password for user uid=george,ou=People,dc=example,dc=com"
12496
7913
msgstr ""
12497
7914
12498
#: serverguide/C/network-auth.xml:1059(userinput)
7915
#: serverguide/C/network-auth.xml:1189(userinput)
12499
7916
#, no-wrap
12500
7917
msgid "New Password: "
12501
7918
msgstr ""
12502
7919
12503
#: serverguide/C/network-auth.xml:1060(userinput)
7920
#: serverguide/C/network-auth.xml:1190(userinput)
12504
7921
#, no-wrap
12505
7922
msgid "New Password (verify): "
12506
7923
msgstr ""
12507
7924
12508
#: serverguide/C/network-auth.xml:1064(para)
7925
#: serverguide/C/network-auth.xml:1194(para)
12509
7926
msgid "Delete a user:"
12510
7927
msgstr ""
12511
7928
12512
#: serverguide/C/network-auth.xml:1068(command)
7929
#: serverguide/C/network-auth.xml:1198(command)
12513
7930
msgid "sudo ldapdeleteuser george"
12514
7931
msgstr ""
12515
7932
12516
#: serverguide/C/network-auth.xml:1073(para)
7933
#: serverguide/C/network-auth.xml:1203(para)
12517
7934
msgid "Add a group:"
12518
7935
msgstr ""
12519
7936
12520
#: serverguide/C/network-auth.xml:1077(command)
7937
#: serverguide/C/network-auth.xml:1207(command)
12521
7938
msgid "sudo ldapaddgroup qa"
12522
7939
msgstr ""
12523
7940
12524
#: serverguide/C/network-auth.xml:1081(para)
7941
#: serverguide/C/network-auth.xml:1211(para)
12525
7942
msgid "Delete a group:"
12526
7943
msgstr ""
12527
7944
12528
#: serverguide/C/network-auth.xml:1085(command)
7945
#: serverguide/C/network-auth.xml:1215(command)
12529
7946
msgid "sudo ldapdeletegroup qa"
12530
7947
msgstr ""
12531
7948
12532
#: serverguide/C/network-auth.xml:1089(para)
7949
#: serverguide/C/network-auth.xml:1219(para)
12533
7950
msgid "Add a user to a group:"
12534
7951
msgstr ""
12535
7952
12536
#: serverguide/C/network-auth.xml:1093(command)
7953
#: serverguide/C/network-auth.xml:1223(command)
12537
7954
msgid "sudo ldapaddusertogroup george qa"
12538
7955
msgstr ""
12539
7956
12540
#: serverguide/C/network-auth.xml:1095(para)
12541
msgid ""
12542
"You should now see a <emphasis>memberUid</emphasis> attribute for the "
12543
"<emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis "
12544
"role=\"italic\">george</emphasis>."
7957
#: serverguide/C/network-auth.xml:1225(para)
7958
msgid "You should now see a <emphasis>memberUid</emphasis> attribute for the <emphasis role=\"italic\">qa</emphasis> group with a value of <emphasis role=\"italic\">george</emphasis>."
12545
7959
msgstr ""
12546
7960
12547
#: serverguide/C/network-auth.xml:1101(para)
7961
#: serverguide/C/network-auth.xml:1231(para)
12548
7962
msgid "Remove a user from a group:"
12549
7963
msgstr ""
12550
7964
12551
#: serverguide/C/network-auth.xml:1105(command)
7965
#: serverguide/C/network-auth.xml:1235(command)
12552
7966
msgid "sudo ldapdeleteuserfromgroup george qa"
12553
7967
msgstr ""
12554
7968
12555
#: serverguide/C/network-auth.xml:1107(para)
12556
msgid ""
12557
"The <emphasis>memberUid</emphasis> attribute should now be removed from the "
12558
"<emphasis role=\"italic\">qa</emphasis> group."
12559
msgstr ""
12560
12561
#: serverguide/C/network-auth.xml:1113(para)
12562
msgid ""
12563
"The <application>ldapmodifyuser</application> script allows you to add, "
12564
"remove, or replace a user's attributes. The script uses the same syntax as "
12565
"the <application>ldapmodify</application> utility. For example:"
12566
msgstr ""
12567
12568
#: serverguide/C/network-auth.xml:1118(command)
7969
#: serverguide/C/network-auth.xml:1237(para)
7970
msgid "The <emphasis>memberUid</emphasis> attribute should now be removed from the <emphasis role=\"italic\">qa</emphasis> group."
7971
msgstr ""
7972
7973
#: serverguide/C/network-auth.xml:1243(para)
7974
msgid "The <application>ldapmodifyuser</application> script allows you to add, remove, or replace a user's attributes. The script uses the same syntax as the <application>ldapmodify</application> utility. For example:"
7975
msgstr ""
7976
7977
#: serverguide/C/network-auth.xml:1248(command)
12569
7978
msgid "sudo ldapmodifyuser george"
12570
7979
msgstr ""
12571
7980
12572
#: serverguide/C/network-auth.xml:1119(computeroutput)
12573
#, no-wrap
12574
msgid ""
12575
"# About to modify the following entry :\n"
12576
"dn: uid=george,ou=People,dc=example,dc=com\n"
12577
"objectClass: account\n"
12578
"objectClass: posixAccount\n"
12579
"cn: george\n"
12580
"uid: george\n"
12581
"uidNumber: 1001\n"
12582
"gidNumber: 1001\n"
12583
"homeDirectory: /home/george\n"
12584
"loginShell: /bin/bash\n"
12585
"gecos: george\n"
12586
"description: User account\n"
12587
"userPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n"
12588
"\n"
12589
"# Enter your modifications here, end with CTRL-D.\n"
12590
"dn: uid=george,ou=People,dc=example,dc=com"
12591
msgstr ""
12592
12593
#: serverguide/C/network-auth.xml:1135(userinput)
12594
#, no-wrap
12595
msgid ""
12596
"replace: gecos\n"
12597
"gecos: George Carlin"
12598
msgstr ""
12599
12600
#: serverguide/C/network-auth.xml:1138(para)
12601
msgid ""
12602
"The user's <emphasis>gecos</emphasis> should now be <quote>George "
12603
"Carlin</quote>."
12604
msgstr ""
12605
12606
#: serverguide/C/network-auth.xml:1143(para)
12607
msgid ""
12608
"Another great feature of <application>ldapscripts</application>, is the "
12609
"template system. Templates allow you to customize the attributes of user, "
12610
"group, and machine objectes. For example, to enable the "
12611
"<emphasis>user</emphasis> template edit "
12612
"<filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
12613
msgstr ""
12614
12615
#: serverguide/C/network-auth.xml:1150(programlisting)
12616
#, no-wrap
12617
msgid ""
12618
"\n"
12619
"UTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
12620
msgstr ""
12621
12622
#: serverguide/C/network-auth.xml:1154(para)
12623
msgid ""
12624
"There are <emphasis role=\"italic\">sample</emphasis> templates in the "
12625
"<filename>/etc/ldapscripts</filename> directory. Copy or rename the "
12626
"<filename>ldapadduser.template.sample</filename> file to "
12627
"<filename>/etc/ldapscripts/ldapadduser.template</filename>:"
12628
msgstr ""
12629
12630
#: serverguide/C/network-auth.xml:1161(command)
12631
msgid ""
12632
"sudo cp /etc/ldapscripts/ldapadduser.template.sample "
12633
"/etc/ldapscripts/ldapadduser.template"
12634
msgstr ""
12635
12636
#: serverguide/C/network-auth.xml:1164(para)
12637
msgid ""
12638
"Edit the new template to add the desired attributes. The following will "
12639
"create new user's as with an <emphasis>objectClass</emphasis> of "
12640
"<emphasis>inetOrgPerson</emphasis>:"
12641
msgstr ""
12642
12643
#: serverguide/C/network-auth.xml:1169(programlisting)
12644
#, no-wrap
12645
msgid ""
12646
"\n"
12647
"dn: uid=<user>,<usuffix>,<suffix>\n"
12648
"objectClass: inetOrgPerson\n"
12649
"objectClass: posixAccount\n"
12650
"cn: <user>\n"
12651
"sn: <ask>\n"
12652
"uid: <user>\n"
12653
"uidNumber: <uid>\n"
12654
"gidNumber: <gid>\n"
12655
"homeDirectory: <home>\n"
12656
"loginShell: <shell>\n"
12657
"gecos: <user>\n"
12658
"description: User account\n"
12659
"title: Employee\n"
12660
msgstr ""
12661
12662
#: serverguide/C/network-auth.xml:1185(para)
12663
msgid ""
12664
"Notice the <emphasis><ask></emphasis> option used for the "
12665
"<emphasis>cn</emphasis> value. Using <ask> will configure "
12666
"<application>ldapadduser</application> to prompt you for the attribute value "
12667
"during user creation."
12668
msgstr ""
12669
12670
#: serverguide/C/network-auth.xml:1193(para)
12671
msgid ""
12672
"There are more useful scripts in the package, to see a full list enter: "
12673
"<command>dpkg -L ldapscripts | grep bin</command>"
12674
msgstr ""
12675
12676
#: serverguide/C/network-auth.xml:1202(para)
12677
msgid ""
12678
"For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP "
12679
"Home Page</ulink>"
12680
msgstr ""
12681
12682
#: serverguide/C/network-auth.xml:1207(para)
12683
msgid ""
12684
"Though starting to show it's age, a great source for in depth LDAP "
12685
"information is O'Reilly's <ulink "
12686
"url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System "
12687
"Administration</ulink>"
12688
msgstr ""
12689
12690
#: serverguide/C/network-auth.xml:1213(para)
12691
msgid ""
12692
"Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-"
12693
"Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering "
12694
"newer versions of OpenLDAP."
12695
msgstr ""
12696
12697
#: serverguide/C/network-auth.xml:1219(para)
12698
msgid ""
12699
"For more information on <application>auth-client-config</application> see "
12700
"the man page: <command>man auth-client-config</command>."
12701
msgstr ""
12702
12703
#: serverguide/C/network-auth.xml:1224(para)
12704
msgid ""
12705
"For more details regarding the <application>ldapscripts</application> "
12706
"package see the man pages: <command>man ldapscripts</command>, <command>man "
12707
"ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
12708
msgstr ""
12709
12710
#: serverguide/C/network-auth.xml:1234(title)
7981
#: serverguide/C/network-auth.xml:1249(computeroutput)
7982
#, no-wrap
7983
msgid "# About to modify the following entry :\ndn: uid=george,ou=People,dc=example,dc=com\nobjectClass: account\nobjectClass: posixAccount\ncn: george\nuid: george\nuidNumber: 1001\ngidNumber: 1001\nhomeDirectory: /home/george\nloginShell: /bin/bash\ngecos: george\ndescription: User account\nuserPassword:: e1NTSEF9eXFsTFcyWlhwWkF1eGUybVdFWHZKRzJVMjFTSG9vcHk=\n\n# Enter your modifications here, end with CTRL-D.\ndn: uid=george,ou=People,dc=example,dc=com"
7984
msgstr ""
7985
7986
#: serverguide/C/network-auth.xml:1265(userinput)
7987
#, no-wrap
7988
msgid "replace: gecos\ngecos: George Carlin"
7989
msgstr ""
7990
7991
#: serverguide/C/network-auth.xml:1268(para)
7992
msgid "The user's <emphasis>gecos</emphasis> should now be <quote>George Carlin</quote>."
7993
msgstr ""
7994
7995
#: serverguide/C/network-auth.xml:1273(para)
7996
msgid "Another great feature of <application>ldapscripts</application>, is the template system. Templates allow you to customize the attributes of user, group, and machine objectes. For example, to enable the <emphasis>user</emphasis> template edit <filename>/etc/ldapscripts/ldapscripts.conf</filename> changing:"
7997
msgstr ""
7998
7999
#: serverguide/C/network-auth.xml:1280(programlisting)
8000
#, no-wrap
8001
msgid "\nUTEMPLATE=\"/etc/ldapscripts/ldapadduser.template\"\n"
8002
msgstr ""
8003
8004
#: serverguide/C/network-auth.xml:1284(para)
8005
msgid "There are <emphasis role=\"italic\">sample</emphasis> templates in the <filename>/etc/ldapscripts</filename> directory. Copy or rename the <filename>ldapadduser.template.sample</filename> file to <filename>/etc/ldapscripts/ldapadduser.template</filename>:"
8006
msgstr ""
8007
8008
#: serverguide/C/network-auth.xml:1291(command)
8009
msgid "sudo cp /etc/ldapscripts/ldapadduser.template.sample /etc/ldapscripts/ldapadduser.template"
8010
msgstr ""
8011
8012
#: serverguide/C/network-auth.xml:1294(para)
8013
msgid "Edit the new template to add the desired attributes. The following will create new user's as with an <emphasis>objectClass</emphasis> of <emphasis>inetOrgPerson</emphasis>:"
8014
msgstr ""
8015
8016
#: serverguide/C/network-auth.xml:1299(programlisting)
8017
#, no-wrap
8018
msgid "\ndn: uid=<user>,<usuffix>,<suffix>\nobjectClass: inetOrgPerson\nobjectClass: posixAccount\ncn: <user>\nsn: <ask>\nuid: <user>\nuidNumber: <uid>\ngidNumber: <gid>\nhomeDirectory: <home>\nloginShell: <shell>\ngecos: <user>\ndescription: User account\ntitle: Employee\n"
8019
msgstr ""
8020
8021
#: serverguide/C/network-auth.xml:1315(para)
8022
msgid "Notice the <emphasis><ask></emphasis> option used for the <emphasis>cn</emphasis> value. Using <ask> will configure <application>ldapadduser</application> to prompt you for the attribute value during user creation."
8023
msgstr ""
8024
8025
#: serverguide/C/network-auth.xml:1323(para)
8026
msgid "There are more useful scripts in the package, to see a full list enter: <command>dpkg -L ldapscripts | grep bin</command>"
8027
msgstr ""
8028
8029
#: serverguide/C/network-auth.xml:1332(para)
8030
msgid "For more information see <ulink url=\"http://www.openldap.org/\">OpenLDAP Home Page</ulink>"
8031
msgstr ""
8032
8033
#: serverguide/C/network-auth.xml:1337(para)
8034
msgid "Though starting to show it's age, a great source for in depth LDAP information is O'Reilly's <ulink url=\"http://www.oreilly.com/catalog/ldapsa/\">LDAP System Administration</ulink>"
8035
msgstr ""
8036
8037
#: serverguide/C/network-auth.xml:1343(para)
8038
msgid "Packt's <ulink url=\"http://www.packtpub.com/OpenLDAP-Developers-Server-Open-Source-Linux/book\">Mastering OpenLDAP</ulink> is a great reference covering newer versions of OpenLDAP."
8039
msgstr ""
8040
8041
#: serverguide/C/network-auth.xml:1349(para)
8042
msgid "For more information on <application>auth-client-config</application> see the man page: <command>man auth-client-config</command>."
8043
msgstr ""
8044
8045
#: serverguide/C/network-auth.xml:1354(para)
8046
msgid "For more details regarding the <application>ldapscripts</application> package see the man pages: <command>man ldapscripts</command>, <command>man ldapadduser</command>, <command>man ldapaddgroup</command>, etc."
8047
msgstr ""
8048
8049
#: serverguide/C/network-auth.xml:1364(title)
12711
8050
msgid "Samba and LDAP"
12712
8051
msgstr ""
12713
8052
12714
#: serverguide/C/network-auth.xml:1236(para)
12715
msgid ""
12716
"This section covers configuring Samba to use LDAP for user, group, and "
12717
"machine account information and authentication. The assumption is, you "
12718
"already have a working OpenLDAP directory installed and the server is "
12719
"configured to use it for authentication. See <xref linkend=\"openldap-"
12720
"server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on "
12721
"setting up OpenLDAP. For more information on installing and configuring "
12722
"Samba see <xref linkend=\"windows-networking\"/>."
12723
msgstr ""
12724
12725
#: serverguide/C/network-auth.xml:1246(para)
12726
msgid ""
12727
"There are three packages needed when integrating Samba with LDAP. "
12728
"<application>samba</application>, <application>samba-doc</application>, and "
12729
"<application>smbldap-tools</application> packages . To install the packages, "
12730
"from a terminal enter:"
12731
msgstr ""
12732
12733
#: serverguide/C/network-auth.xml:1252(command)
8053
#: serverguide/C/network-auth.xml:1366(para)
8054
msgid "This section covers configuring Samba to use LDAP for user, group, and machine account information and authentication. The assumption is, you already have a working OpenLDAP directory installed and the server is configured to use it for authentication. See <xref linkend=\"openldap-server\"/> and <xref linkend=\"openldap-auth-config\"/> for details on setting up OpenLDAP. For more information on installing and configuring Samba see <xref linkend=\"windows-networking\"/>."
8055
msgstr ""
8056
8057
#: serverguide/C/network-auth.xml:1376(para)
8058
msgid "There are three packages needed when integrating Samba with LDAP. <application>samba</application>, <application>samba-doc</application>, and <application>smbldap-tools</application> packages . To install the packages, from a terminal enter:"
8059
msgstr ""
8060
8061
#: serverguide/C/network-auth.xml:1382(command)
12734
8062
msgid "sudo apt-get install samba samba-doc smbldap-tools"
12735
8063
msgstr ""
12736
8064
12737
#: serverguide/C/network-auth.xml:1255(para)
12738
msgid ""
12739
"Strictly speaking the <application>smbldap-tools</application> package isn't "
12740
"needed, but unless you have another package or custom scripts, a method of "
12741
"managing users, groups, and computer accounts is needed."
8065
#: serverguide/C/network-auth.xml:1385(para)
8066
msgid "Strictly speaking the <application>smbldap-tools</application> package isn't needed, but unless you have another package or custom scripts, a method of managing users, groups, and computer accounts is needed."
12742
8067
msgstr ""
12743
8068
12744
#: serverguide/C/network-auth.xml:1262(title)
8069
#: serverguide/C/network-auth.xml:1392(title)
12745
8070
msgid "OpenLDAP Configuration"
12746
8071
msgstr ""
12747
8072
12748
#: serverguide/C/network-auth.xml:1264(para)
12749
msgid ""
12750
"In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, "
12751
"the user objects in the directory will need additional attributes. This "
12752
"section assumes you want Samba to be configured as a Windows NT domain "
12753
"controller, and will add the necessary LDAP objects and attributes."
12754
msgstr ""
12755
12756
#: serverguide/C/network-auth.xml:1272(para)
12757
msgid ""
12758
"The Samba attributes are defined in the <filename>samba.schema</filename> "
12759
"file which is part of the <application>samba-doc</application> package. The "
12760
"schema file needs to be unzipped and copied to "
12761
"<filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
12762
msgstr ""
12763
12764
#: serverguide/C/network-auth.xml:1279(command)
12765
msgid ""
12766
"sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz "
12767
"/etc/ldap/schema/"
12768
msgstr ""
12769
12770
#: serverguide/C/network-auth.xml:1280(command)
8073
#: serverguide/C/network-auth.xml:1394(para)
8074
msgid "In order for Samba to use OpenLDAP as a <emphasis>passdb backend</emphasis>, the user objects in the directory will need additional attributes. This section assumes you want Samba to be configured as a Windows NT domain controller, and will add the necessary LDAP objects and attributes."
8075
msgstr ""
8076
8077
#: serverguide/C/network-auth.xml:1402(para)
8078
msgid "The Samba attributes are defined in the <filename>samba.schema</filename> file which is part of the <application>samba-doc</application> package. The schema file needs to be unzipped and copied to <filename>/etc/ldap/schema</filename>. From a terminal prompt enter:"
8079
msgstr ""
8080
8081
#: serverguide/C/network-auth.xml:1409(command)
8082
msgid "sudo cp /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz /etc/ldap/schema/"
8083
msgstr ""
8084
8085
#: serverguide/C/network-auth.xml:1410(command)
12771
8086
msgid "sudo gzip -d /etc/ldap/schema/samba.schema.gz"
12772
8087
msgstr ""
12773
8088
12774
#: serverguide/C/network-auth.xml:1286(para)
12775
msgid ""
12776
"The <emphasis>samba</emphasis> schema needs to be added to the "
12777
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
12778
"<application>slapd</application> is also detailed in <xref "
12779
"linkend=\"openldap-configuration\"/>."
12780
msgstr ""
12781
12782
#: serverguide/C/network-auth.xml:1294(para) serverguide/C/network-auth.xml:2318(para)
12783
msgid ""
12784
"First, create a configuration file named "
12785
"<filename>schema_convert.conf</filename>, or a similar descriptive name, "
12786
"containing the following lines:"
12787
msgstr ""
12788
12789
#: serverguide/C/network-auth.xml:1299(programlisting)
12790
#, no-wrap
12791
msgid ""
12792
"\n"
12793
"include /etc/ldap/schema/core.schema\n"
12794
"include /etc/ldap/schema/collective.schema\n"
12795
"include /etc/ldap/schema/corba.schema\n"
12796
"include /etc/ldap/schema/cosine.schema\n"
12797
"include /etc/ldap/schema/duaconf.schema\n"
12798
"include /etc/ldap/schema/dyngroup.schema\n"
12799
"include /etc/ldap/schema/inetorgperson.schema\n"
12800
"include /etc/ldap/schema/java.schema\n"
12801
"include /etc/ldap/schema/misc.schema\n"
12802
"include /etc/ldap/schema/nis.schema\n"
12803
"include /etc/ldap/schema/openldap.schema\n"
12804
"include /etc/ldap/schema/ppolicy.schema\n"
12805
"include /etc/ldap/schema/samba.schema\n"
12806
msgstr ""
12807
12808
#: serverguide/C/network-auth.xml:1329(para) serverguide/C/network-auth.xml:2353(para)
12809
msgid ""
12810
"Now use <application>slapcat</application> to convert the schema files:"
12811
msgstr ""
12812
12813
#: serverguide/C/network-auth.xml:1334(command)
12814
msgid ""
12815
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
12816
"\"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
12817
msgstr ""
12818
12819
#: serverguide/C/network-auth.xml:1337(para) serverguide/C/network-auth.xml:2361(para)
12820
msgid ""
12821
"Change the above file and path names to match your own if they are different."
12822
msgstr ""
12823
12824
#: serverguide/C/network-auth.xml:1344(para)
12825
msgid ""
12826
"Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing "
12827
"the following attributes:"
12828
msgstr ""
12829
12830
#: serverguide/C/network-auth.xml:1348(programlisting)
12831
#, no-wrap
12832
msgid ""
12833
"\n"
12834
"dn: cn=samba,cn=schema,cn=config\n"
12835
"...\n"
12836
"cn: samba\n"
12837
msgstr ""
12838
12839
#: serverguide/C/network-auth.xml:1358(programlisting)
12840
#, no-wrap
12841
msgid ""
12842
"\n"
12843
"structuralObjectClass: olcSchemaConfig\n"
12844
"entryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\n"
12845
"creatorsName: cn=config\n"
12846
"createTimestamp: 20080827045234Z\n"
12847
"entryCSN: 20080827045234.341425Z#000000#000#000000\n"
12848
"modifiersName: cn=config\n"
12849
"modifyTimestamp: 20080827045234Z\n"
12850
msgstr ""
12851
12852
#: serverguide/C/network-auth.xml:1383(command)
8089
#: serverguide/C/network-auth.xml:1416(para)
8090
msgid "The <emphasis>samba</emphasis> schema needs to be added to the <emphasis>cn=config</emphasis> tree. The procedure to add a new schema to <application>slapd</application> is also detailed in <xref linkend=\"openldap-configuration\"/>."
8091
msgstr ""
8092
8093
#: serverguide/C/network-auth.xml:1424(para) serverguide/C/network-auth.xml:2448(para)
8094
msgid "First, create a configuration file named <filename>schema_convert.conf</filename>, or a similar descriptive name, containing the following lines:"
8095
msgstr ""
8096
8097
#: serverguide/C/network-auth.xml:1429(programlisting)
8098
#, no-wrap
8099
msgid "\ninclude /etc/ldap/schema/core.schema\ninclude /etc/ldap/schema/collective.schema\ninclude /etc/ldap/schema/corba.schema\ninclude /etc/ldap/schema/cosine.schema\ninclude /etc/ldap/schema/duaconf.schema\ninclude /etc/ldap/schema/dyngroup.schema\ninclude /etc/ldap/schema/inetorgperson.schema\ninclude /etc/ldap/schema/java.schema\ninclude /etc/ldap/schema/misc.schema\ninclude /etc/ldap/schema/nis.schema\ninclude /etc/ldap/schema/openldap.schema\ninclude /etc/ldap/schema/ppolicy.schema\ninclude /etc/ldap/schema/samba.schema\n"
8100
msgstr ""
8101
8102
#: serverguide/C/network-auth.xml:1459(para) serverguide/C/network-auth.xml:2483(para)
8103
msgid "Now use <application>slapcat</application> to convert the schema files:"
8104
msgstr ""
8105
8106
#: serverguide/C/network-auth.xml:1464(command)
8107
msgid "slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \"cn={12}samba,cn=schema,cn=config\" > /tmp/cn=samba.ldif"
8108
msgstr ""
8109
8110
#: serverguide/C/network-auth.xml:1467(para) serverguide/C/network-auth.xml:2491(para)
8111
msgid "Change the above file and path names to match your own if they are different."
8112
msgstr ""
8113
8114
#: serverguide/C/network-auth.xml:1474(para)
8115
msgid "Edit the generated <filename>/tmp/cn\\=samba.ldif</filename> file, changing the following attributes:"
8116
msgstr ""
8117
8118
#: serverguide/C/network-auth.xml:1478(programlisting)
8119
#, no-wrap
8120
msgid "\ndn: cn=samba,cn=schema,cn=config\n...\ncn: samba\n"
8121
msgstr ""
8122
8123
#: serverguide/C/network-auth.xml:1488(programlisting)
8124
#, no-wrap
8125
msgid "\nstructuralObjectClass: olcSchemaConfig\nentryUUID: b53b75ca-083f-102d-9fff-2f64fd123c95\ncreatorsName: cn=config\ncreateTimestamp: 20080827045234Z\nentryCSN: 20080827045234.341425Z#000000#000#000000\nmodifiersName: cn=config\nmodifyTimestamp: 20080827045234Z\n"
8126
msgstr ""
8127
8128
#: serverguide/C/network-auth.xml:1513(command)
12853
8129
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=samba.ldif"
12854
8130
msgstr ""
12855
8131
12856
#: serverguide/C/network-auth.xml:1389(para)
12857
msgid ""
12858
"There should now be a <emphasis>dn: "
12859
"cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next "
12860
"sequential schema, entry in the cn=config tree."
12861
msgstr ""
12862
12863
#: serverguide/C/network-auth.xml:1397(para)
12864
msgid ""
12865
"Copy and paste the following into a file named "
12866
"<filename>samba_indexes.ldif</filename>:"
12867
msgstr ""
12868
12869
#: serverguide/C/network-auth.xml:1401(programlisting)
8132
#: serverguide/C/network-auth.xml:1519(para)
8133
msgid "There should now be a <emphasis>dn: cn={X}misc,cn=schema,cn=config</emphasis>, where \"X\" is the next sequential schema, entry in the cn=config tree."
8134
msgstr ""
8135
8136
#: serverguide/C/network-auth.xml:1527(para)
8137
msgid "Copy and paste the following into a file named <filename>samba_indexes.ldif</filename>:"
8138
msgstr ""
8139
8140
#: serverguide/C/network-auth.xml:1531(programlisting)
12870
8141
#, no-wrap
12871
msgid ""
12872
"\n"
12873
"dn: olcDatabase={1}hdb,cn=config\n"
12874
"changetype: modify\n"
12875
"add: olcDbIndex\n"
12876
"olcDbIndex: uidNumber eq\n"
12877
"olcDbIndex: gidNumber eq\n"
12878
"olcDbIndex: loginShell eq\n"
12879
"olcDbIndex: uid eq,pres,sub\n"
12880
"olcDbIndex: memberUid eq,pres,sub\n"
12881
"olcDbIndex: uniqueMember eq,pres\n"
12882
"olcDbIndex: sambaSID eq\n"
12883
"olcDbIndex: sambaPrimaryGroupSID eq\n"
12884
"olcDbIndex: sambaGroupType eq\n"
12885
"olcDbIndex: sambaSIDList eq\n"
12886
"olcDbIndex: sambaDomainName eq\n"
12887
"olcDbIndex: default sub\n"
12888
msgstr ""
12889
12890
#: serverguide/C/network-auth.xml:1419(para)
12891
msgid ""
12892
"Using the <application>ldapmodify</application> utility load the new indexes:"
12893
msgstr ""
12894
12895
#: serverguide/C/network-auth.xml:1424(command)
8142
msgid "\ndn: olcDatabase={1}hdb,cn=config\nchangetype: modify\nadd: olcDbIndex\nolcDbIndex: uidNumber eq\nolcDbIndex: gidNumber eq\nolcDbIndex: loginShell eq\nolcDbIndex: uid eq,pres,sub\nolcDbIndex: memberUid eq,pres,sub\nolcDbIndex: uniqueMember eq,pres\nolcDbIndex: sambaSID eq\nolcDbIndex: sambaPrimaryGroupSID eq\nolcDbIndex: sambaGroupType eq\nolcDbIndex: sambaSIDList eq\nolcDbIndex: sambaDomainName eq\nolcDbIndex: default sub\n"
8143
msgstr ""
8144
8145
#: serverguide/C/network-auth.xml:1549(para)
8146
msgid "Using the <application>ldapmodify</application> utility load the new indexes:"
8147
msgstr ""
8148
8149
#: serverguide/C/network-auth.xml:1554(command)
12896
8150
msgid "ldapmodify -x -D cn=admin,cn=config -W -f samba_indexes.ldif"
12897
8151
msgstr ""
12898
8152
12899
#: serverguide/C/network-auth.xml:1426(para)
12900
msgid ""
12901
"If all went well you should see the new indexes using "
12902
"<application>ldapsearch</application>:"
12903
msgstr ""
12904
12905
#: serverguide/C/network-auth.xml:1431(command)
12906
msgid ""
12907
"ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
12908
msgstr ""
12909
12910
#: serverguide/C/network-auth.xml:1437(para)
12911
msgid ""
12912
"Next, configure the <application>smbldap-tools</application> package to "
12913
"match your environment. The package comes with a configuration script that "
12914
"will ask questions about the needed options. To run the script enter:"
12915
msgstr ""
12916
12917
#: serverguide/C/network-auth.xml:1443(command)
8153
#: serverguide/C/network-auth.xml:1556(para)
8154
msgid "If all went well you should see the new indexes using <application>ldapsearch</application>:"
8155
msgstr ""
8156
8157
#: serverguide/C/network-auth.xml:1561(command)
8158
msgid "ldapsearch -xLLL -D cn=admin,cn=config -x -b cn=config -W olcDatabase={1}hdb"
8159
msgstr ""
8160
8161
#: serverguide/C/network-auth.xml:1567(para)
8162
msgid "Next, configure the <application>smbldap-tools</application> package to match your environment. The package comes with a configuration script that will ask questions about the needed options. To run the script enter:"
8163
msgstr ""
8164
8165
#: serverguide/C/network-auth.xml:1573(command)
12918
8166
msgid "sudo gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz"
12919
8167
msgstr ""
12920
8168
12921
#: serverguide/C/network-auth.xml:1444(command)
8169
#: serverguide/C/network-auth.xml:1574(command)
12922
8170
msgid "sudo perl /usr/share/doc/smbldap-tools/configure.pl"
12923
8171
msgstr ""
12924
8172
12925
#: serverguide/C/network-auth.xml:1447(para)
12926
msgid ""
12927
"Once you have answered the questions, there should be <filename>/etc/smbldap-"
12928
"tools/smbldap.conf</filename> and <filename>/etc/smbldap-"
12929
"tools/smbldap_bind.conf</filename> files. These files are generated by the "
12930
"configure script, so if you made any mistakes while executing the script it "
12931
"may be simpler to edit the file appropriately."
12932
msgstr ""
12933
12934
#: serverguide/C/network-auth.xml:1457(para)
12935
msgid ""
12936
"The <application>smbldap-populate</application> script will add the "
12937
"necessary users, groups, and LDAP objects required for Samba. It is a good "
12938
"idea to make a backup LDAP Data Interchange Format (LDIF) file with "
12939
"<application>slapcat</application> before executing the command:"
12940
msgstr ""
12941
12942
#: serverguide/C/network-auth.xml:1464(command)
8173
#: serverguide/C/network-auth.xml:1577(para)
8174
msgid "Once you have answered the questions, there should be <filename>/etc/smbldap-tools/smbldap.conf</filename> and <filename>/etc/smbldap-tools/smbldap_bind.conf</filename> files. These files are generated by the configure script, so if you made any mistakes while executing the script it may be simpler to edit the file appropriately."
8175
msgstr ""
8176
8177
#: serverguide/C/network-auth.xml:1587(para)
8178
msgid "The <application>smbldap-populate</application> script will add the necessary users, groups, and LDAP objects required for Samba. It is a good idea to make a backup LDAP Data Interchange Format (LDIF) file with <application>slapcat</application> before executing the command:"
8179
msgstr ""
8180
8181
#: serverguide/C/network-auth.xml:1594(command)
12943
8182
msgid "sudo slapcat -l backup.ldif"
12944
8183
msgstr ""
12945
8184
12946
#: serverguide/C/network-auth.xml:1470(para)
12947
msgid ""
12948
"Once you have a current backup execute <application>smbldap-"
12949
"populate</application> by entering:"
8185
#: serverguide/C/network-auth.xml:1600(para)
8186
msgid "Once you have a current backup execute <application>smbldap-populate</application> by entering:"
12950
8187
msgstr ""
12951
8188
12952
#: serverguide/C/network-auth.xml:1475(command)
8189
#: serverguide/C/network-auth.xml:1605(command)
12953
8190
msgid "sudo smbldap-populate"
12954
8191
msgstr ""
12955
8192
12956
#: serverguide/C/network-auth.xml:1479(para)
12957
msgid ""
12958
"You can create an LDIF file containing the new Samba objects by executing "
12959
"<command>sudo smbldap-populate -e samba.ldif</command>. This allows you to "
12960
"look over the changes making sure everything is correct."
12961
msgstr ""
12962
12963
#: serverguide/C/network-auth.xml:1487(para)
12964
msgid ""
12965
"Your LDAP directory now has the necessary domain information to authenticate "
12966
"Samba users."
12967
msgstr ""
12968
12969
#: serverguide/C/network-auth.xml:1493(title)
8193
#: serverguide/C/network-auth.xml:1609(para)
8194
msgid "You can create an LDIF file containing the new Samba objects by executing <command>sudo smbldap-populate -e samba.ldif</command>. This allows you to look over the changes making sure everything is correct."
8195
msgstr ""
8196
8197
#: serverguide/C/network-auth.xml:1617(para)
8198
msgid "Your LDAP directory now has the necessary domain information to authenticate Samba users."
8199
msgstr ""
8200
8201
#: serverguide/C/network-auth.xml:1623(title)
12970
8202
msgid "Samba Configuration"
12971
8203
msgstr ""
12972
8204
12973
#: serverguide/C/network-auth.xml:1495(para)
12974
msgid ""
12975
"There a multiple ways to configure Samba for details on some common "
12976
"configurations see <xref linkend=\"windows-networking\"/>. To configure "
12977
"Samba to use LDAP, edit the main Samba configuration file "
12978
"<filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb "
12979
"backend</emphasis> option and adding the following:"
8205
#: serverguide/C/network-auth.xml:1625(para)
8206
msgid "There a multiple ways to configure Samba for details on some common configurations see <xref linkend=\"windows-networking\"/>. To configure Samba to use LDAP, edit the main Samba configuration file <filename>/etc/samba/smb.conf</filename> commenting the <emphasis>passdb backend</emphasis> option and adding the following:"
12980
8207
msgstr ""
12981
8208
12982
#: serverguide/C/network-auth.xml:1501(programlisting)
8209
#: serverguide/C/network-auth.xml:1631(programlisting)
12983
8210
#, no-wrap
12984
msgid ""
12985
"\n"
12986
"# passdb backend = tdbsam\n"
12987
"\n"
12988
"# LDAP Settings\n"
12989
" passdb backend = ldapsam:ldap://hostname\n"
12990
" ldap suffix = dc=example,dc=com\n"
12991
" ldap user suffix = ou=People\n"
12992
" ldap group suffix = ou=Groups\n"
12993
" ldap machine suffix = ou=Computers\n"
12994
" ldap idmap suffix = ou=Idmap\n"
12995
" ldap admin dn = cn=admin,dc=example,dc=com\n"
12996
" ldap ssl = start tls\n"
12997
" ldap passwd sync = yes\n"
12998
"...\n"
12999
" add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
8211
msgid "\n# passdb backend = tdbsam\n\n# LDAP Settings\n passdb backend = ldapsam:ldap://hostname\n ldap suffix = dc=example,dc=com\n ldap user suffix = ou=People\n ldap group suffix = ou=Groups\n ldap machine suffix = ou=Computers\n ldap idmap suffix = ou=Idmap\n ldap admin dn = cn=admin,dc=example,dc=com\n ldap ssl = start tls\n ldap passwd sync = yes\n...\n add machine script = sudo /usr/sbin/smbldap-useradd -t 0 -w \"%u\"\n"
13000
8212
msgstr ""
13001
8213
13002
#: serverguide/C/network-auth.xml:1518(para)
8214
#: serverguide/C/network-auth.xml:1648(para)
13003
8215
msgid "Restart <application>samba</application> to enable the new settings:"
13004
8216
msgstr ""
13005
8217
13006
#: serverguide/C/network-auth.xml:1526(para)
13007
msgid ""
13008
"Now Samba needs to know the LDAP admin password. From a terminal prompt "
13009
"enter:"
8218
#: serverguide/C/network-auth.xml:1656(para)
8219
msgid "Now Samba needs to know the LDAP admin password. From a terminal prompt enter:"
13010
8220
msgstr ""
13011
8221
13012
#: serverguide/C/network-auth.xml:1531(command)
8222
#: serverguide/C/network-auth.xml:1661(command)
13013
8223
msgid "sudo smbpasswd -w secret"
13014
8224
msgstr ""
13015
8225
13016
#: serverguide/C/network-auth.xml:1535(para)
13017
msgid ""
13018
"Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin "
13019
"password."
13020
msgstr ""
13021
13022
#: serverguide/C/network-auth.xml:1540(para)
13023
msgid ""
13024
"If you currently have users in LDAP, and you want them to authenticate using "
13025
"Samba, they will need some Samba attributes defined in the "
13026
"<filename>samba.schema</filename> file. Add the Samba attributes to existing "
13027
"users using the <application>smbpasswd</application> utility, replacing "
13028
"<emphasis role=\"italic\">username</emphasis> with an actual user:"
13029
msgstr ""
13030
13031
#: serverguide/C/network-auth.xml:1548(command)
8226
#: serverguide/C/network-auth.xml:1665(para)
8227
msgid "Replacing <emphasis role=\"italic\">secret</emphasis> with your LDAP admin password."
8228
msgstr ""
8229
8230
#: serverguide/C/network-auth.xml:1670(para)
8231
msgid "If you currently have users in LDAP, and you want them to authenticate using Samba, they will need some Samba attributes defined in the <filename>samba.schema</filename> file. Add the Samba attributes to existing users using the <application>smbpasswd</application> utility, replacing <emphasis role=\"italic\">username</emphasis> with an actual user:"
8232
msgstr ""
8233
8234
#: serverguide/C/network-auth.xml:1678(command)
13032
8235
msgid "sudo smbpasswd -a username"
13033
8236
msgstr ""
13034
8237
13035
#: serverguide/C/network-auth.xml:1551(para)
8238
#: serverguide/C/network-auth.xml:1681(para)
13036
8239
msgid "You will then be asked to enter the user's password."
13037
8240
msgstr ""
13038
8241
13039
#: serverguide/C/network-auth.xml:1555(para)
13040
msgid ""
13041
"To add new user, group, and machine accounts use the utilities from the "
13042
"<application>smbldap-tools</application> package. Here are some examples:"
13043
msgstr ""
13044
13045
#: serverguide/C/network-auth.xml:1562(para)
13046
msgid ""
13047
"To add a new user to LDAP with Samba attributes enter the following, "
13048
"replacing username with an actual username:"
13049
msgstr ""
13050
13051
#: serverguide/C/network-auth.xml:1566(command)
8242
#: serverguide/C/network-auth.xml:1685(para)
8243
msgid "To add new user, group, and machine accounts use the utilities from the <application>smbldap-tools</application> package. Here are some examples:"
8244
msgstr ""
8245
8246
#: serverguide/C/network-auth.xml:1692(para)
8247
msgid "To add a new user to LDAP with Samba attributes enter the following, replacing username with an actual username:"
8248
msgstr ""
8249
8250
#: serverguide/C/network-auth.xml:1696(command)
13052
8251
msgid "sudo smbldap-useradd -a -P username"
13053
8252
msgstr ""
13054
8253
13055
#: serverguide/C/network-auth.xml:1568(para)
13056
msgid ""
13057
"The <emphasis>-a</emphasis> option adds the Samba attributes, and the "
13058
"<emphasis>-P</emphasis> options calls the <application>smbldap-"
13059
"passwd</application> utility after the user is created allowing you to enter "
13060
"a password for the user."
8254
#: serverguide/C/network-auth.xml:1698(para)
8255
msgid "The <emphasis>-a</emphasis> option adds the Samba attributes, and the <emphasis>-P</emphasis> options calls the <application>smbldap-passwd</application> utility after the user is created allowing you to enter a password for the user."
13061
8256
msgstr ""
13062
8257
13063
#: serverguide/C/network-auth.xml:1574(para)
8258
#: serverguide/C/network-auth.xml:1704(para)
13064
8259
msgid "To remove a user from the directory enter:"
13065
8260
msgstr ""
13066
8261
13067
#: serverguide/C/network-auth.xml:1578(command)
8262
#: serverguide/C/network-auth.xml:1708(command)
13068
8263
msgid "sudo smbldap-userdel username"
13069
8264
msgstr ""
13070
8265
13071
#: serverguide/C/network-auth.xml:1580(para)
13072
msgid ""
13073
"The <application>smbldap-userdel</application> utility also has a <emphasis>-"
13074
"r</emphasis> option to remove the user's home directory."
13075
msgstr ""
13076
13077
#: serverguide/C/network-auth.xml:1585(para)
13078
msgid ""
13079
"Use <application>smbldap-groupadd</application> to add a group, replacing "
13080
"groupname with an appropriate group:"
13081
msgstr ""
13082
13083
#: serverguide/C/network-auth.xml:1589(command)
8266
#: serverguide/C/network-auth.xml:1710(para)
8267
msgid "The <application>smbldap-userdel</application> utility also has a <emphasis>-r</emphasis> option to remove the user's home directory."
8268
msgstr ""
8269
8270
#: serverguide/C/network-auth.xml:1715(para)
8271
msgid "Use <application>smbldap-groupadd</application> to add a group, replacing groupname with an appropriate group:"
8272
msgstr ""
8273
8274
#: serverguide/C/network-auth.xml:1719(command)
13084
8275
msgid "sudo smbldap-groupadd -a groupname"
13085
8276
msgstr ""
13086
8277
13087
#: serverguide/C/network-auth.xml:1591(para)
13088
msgid ""
13089
"Similar to <application>smbldap-useradd</application>, the <emphasis>-"
13090
"a</emphasis> adds the Samba attributes."
13091
msgstr ""
13092
13093
#: serverguide/C/network-auth.xml:1596(para)
13094
msgid ""
13095
"To add a user to a group use <application>smbldap-groupmod</application>:"
13096
msgstr ""
13097
13098
#: serverguide/C/network-auth.xml:1600(command)
8278
#: serverguide/C/network-auth.xml:1721(para)
8279
msgid "Similar to <application>smbldap-useradd</application>, the <emphasis>-a</emphasis> adds the Samba attributes."
8280
msgstr ""
8281
8282
#: serverguide/C/network-auth.xml:1726(para)
8283
msgid "To add a user to a group use <application>smbldap-groupmod</application>:"
8284
msgstr ""
8285
8286
#: serverguide/C/network-auth.xml:1730(command)
13099
8287
msgid "sudo smbldap-groupmod -m username groupname"
13100
8288
msgstr ""
13101
8289
13102
#: serverguide/C/network-auth.xml:1602(para)
13103
msgid ""
13104
"Be sure to replace <emphasis>username</emphasis> with a real user. Also, the "
13105
"<emphasis>-m</emphasis> option can add more than one user at a time by "
13106
"listing them in <emphasis>comma separated</emphasis> format."
13107
msgstr ""
13108
13109
#: serverguide/C/network-auth.xml:1608(para)
13110
msgid ""
13111
"<application>smbldap-groupmod</application> can also be used to remove a "
13112
"user from a group:"
13113
msgstr ""
13114
13115
#: serverguide/C/network-auth.xml:1612(command)
8290
#: serverguide/C/network-auth.xml:1732(para)
8291
msgid "Be sure to replace <emphasis>username</emphasis> with a real user. Also, the <emphasis>-m</emphasis> option can add more than one user at a time by listing them in <emphasis>comma separated</emphasis> format."
8292
msgstr ""
8293
8294
#: serverguide/C/network-auth.xml:1738(para)
8295
msgid "<application>smbldap-groupmod</application> can also be used to remove a user from a group:"
8296
msgstr ""
8297
8298
#: serverguide/C/network-auth.xml:1742(command)
13116
8299
msgid "sudo smbldap-groupmod -x username groupname"
13117
8300
msgstr ""
13118
8301
13119
#: serverguide/C/network-auth.xml:1616(para)
13120
msgid ""
13121
"Additionally, the <application>smbldap-useradd</application> utility can add "
13122
"Samba machine accounts:"
8302
#: serverguide/C/network-auth.xml:1746(para)
8303
msgid "Additionally, the <application>smbldap-useradd</application> utility can add Samba machine accounts:"
13123
8304
msgstr ""
13124
8305
13125
#: serverguide/C/network-auth.xml:1620(command)
8306
#: serverguide/C/network-auth.xml:1750(command)
13126
8307
msgid "sudo smbldap-useradd -t 0 -w username"
13127
8308
msgstr ""
13128
8309
13129
#: serverguide/C/network-auth.xml:1622(para)
13130
msgid ""
13131
"Replace <emphasis>username</emphasis> with the name of the workstation. The "
13132
"<emphasis>-t 0</emphasis> option creates the machine account without a "
13133
"delay, while the <emphasis>-w</emphasis> option specifies the user as a "
13134
"machine account. Also, note the <emphasis>add machine script</emphasis> "
13135
"option in <filename>/etc/samba/smb.conf</filename> was changed to use "
13136
"<application>smbldap-useradd</application>."
13137
msgstr ""
13138
13139
#: serverguide/C/network-auth.xml:1631(para)
13140
msgid ""
13141
"There are more useful utilities and options in the <application>smbldap-"
13142
"tools</application> package. The man page for each utility provides more "
13143
"details."
13144
msgstr ""
13145
13146
#: serverguide/C/network-auth.xml:1642(para)
13147
msgid ""
13148
"There are multiple places where LDAP and Samba is documented in the <ulink "
13149
"url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO "
13150
"Collection</ulink>."
13151
msgstr ""
13152
13153
#: serverguide/C/network-auth.xml:1648(para)
13154
msgid ""
13155
"Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-"
13156
"HOWTO-Collection/passdb.html\">passdb section</ulink>."
13157
msgstr ""
13158
13159
#: serverguide/C/network-auth.xml:1654(para)
13160
msgid ""
13161
"Another good site is <ulink url=\"http://www.iallanis.info/smbldap-"
13162
"tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
13163
msgstr ""
13164
13165
#: serverguide/C/network-auth.xml:1660(para)
13166
msgid ""
13167
"Again, for more information on <application>smbldap-tools</application> see "
13168
"the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-"
13169
"groupadd</command>, <command>man smbldap-populate</command>, etc."
13170
msgstr ""
13171
13172
#: serverguide/C/network-auth.xml:1670(title)
8310
#: serverguide/C/network-auth.xml:1752(para)
8311
msgid "Replace <emphasis>username</emphasis> with the name of the workstation. The <emphasis>-t 0</emphasis> option creates the machine account without a delay, while the <emphasis>-w</emphasis> option specifies the user as a machine account. Also, note the <emphasis>add machine script</emphasis> option in <filename>/etc/samba/smb.conf</filename> was changed to use <application>smbldap-useradd</application>."
8312
msgstr ""
8313
8314
#: serverguide/C/network-auth.xml:1761(para)
8315
msgid "There are more useful utilities and options in the <application>smbldap-tools</application> package. The man page for each utility provides more details."
8316
msgstr ""
8317
8318
#: serverguide/C/network-auth.xml:1772(para)
8319
msgid "There are multiple places where LDAP and Samba is documented in the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/\">Samba HOWTO Collection</ulink>."
8320
msgstr ""
8321
8322
#: serverguide/C/network-auth.xml:1778(para)
8323
msgid "Specifically see the <ulink url=\"http://samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html\">passdb section</ulink>."
8324
msgstr ""
8325
8326
#: serverguide/C/network-auth.xml:1784(para)
8327
msgid "Another good site is <ulink url=\"http://www.iallanis.info/smbldap-tools/docs/samba-ldap-howto/\">Samba OpenLDAP HOWTO</ulink>."
8328
msgstr ""
8329
8330
#: serverguide/C/network-auth.xml:1790(para)
8331
msgid "Again, for more information on <application>smbldap-tools</application> see the man pages: <command>man smbldap-useradd</command>, <command>man smbldap-groupadd</command>, <command>man smbldap-populate</command>, etc."
8332
msgstr ""
8333
8334
#: serverguide/C/network-auth.xml:1800(title)
13173
8335
msgid "Kerberos"
13174
8336
msgstr ""
13175
8337
13176
#: serverguide/C/network-auth.xml:1672(para)
13177
msgid ""
13178
"<application>Kerberos</application> is a network authentication system based "
13179
"on the principal of a trusted third party. The other two parties being the "
13180
"user and the service the user wishes to authenticate to. Not all services "
13181
"and applications can use Kerberos, but for those that can, it brings the "
13182
"network environment one step closer to being Single Sign On (SSO)."
13183
msgstr ""
13184
13185
#: serverguide/C/network-auth.xml:1678(para)
13186
msgid ""
13187
"This section covers installation and configuration of a Kerberos server, and "
13188
"some example client configurations."
13189
msgstr ""
13190
13191
#: serverguide/C/network-auth.xml:1685(para)
13192
msgid ""
13193
"If you are new to Kerberos there are a few terms that are good to understand "
13194
"before setting up a Kerberos server. Most of the terms will relate to things "
13195
"you may be familiar with in other environments:"
13196
msgstr ""
13197
13198
#: serverguide/C/network-auth.xml:1692(para)
13199
msgid ""
13200
"<emphasis>Principal:</emphasis> any users, computers, and services provided "
13201
"by servers need to be defined as Kerberos Principals."
13202
msgstr ""
13203
13204
#: serverguide/C/network-auth.xml:1697(para)
13205
msgid ""
13206
"<emphasis>Instances:</emphasis> are used for service principals and special "
13207
"administrative principals."
13208
msgstr ""
13209
13210
#: serverguide/C/network-auth.xml:1702(para)
13211
msgid ""
13212
"<emphasis>Realms:</emphasis> the unique realm of control provided by the "
13213
"Kerberos installation. Usually the DNS domain converted to uppercase "
13214
"(EXAMPLE.COM)."
13215
msgstr ""
13216
13217
#: serverguide/C/network-auth.xml:1708(para)
13218
msgid ""
13219
"<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, "
13220
"a database of all principals, the authentication server, and the ticket "
13221
"granting server. For each realm there must be at least one KDC."
13222
msgstr ""
13223
13224
#: serverguide/C/network-auth.xml:1714(para)
13225
msgid ""
13226
"<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication "
13227
"Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's "
13228
"password which is known only to the user and the KDC."
13229
msgstr ""
13230
13231
#: serverguide/C/network-auth.xml:1720(para)
13232
msgid ""
13233
"<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to "
13234
"clients upon request."
13235
msgstr ""
13236
13237
#: serverguide/C/network-auth.xml:1725(para)
13238
msgid ""
13239
"<emphasis>Tickets:</emphasis> confirm the identity of the two principals. "
13240
"One principal being a user and the other a service requested by the user. "
13241
"Tickets establish an encryption key used for secure communication during the "
13242
"authenticated session."
13243
msgstr ""
13244
13245
#: serverguide/C/network-auth.xml:1731(para)
13246
msgid ""
13247
"<emphasis>Keytab Files:</emphasis> are files extracted from the KDC "
13248
"principal database and contain the encryption key for a service or host."
13249
msgstr ""
13250
13251
#: serverguide/C/network-auth.xml:1738(para)
13252
msgid ""
13253
"To put the pieces together, a Realm has at least one KDC, preferably two for "
13254
"redundancy, which contains a database of Principals. When a user principal "
13255
"logs into a workstation, configured for Kerberos authentication, the KDC "
13256
"issues a Ticket Granting Ticket (TGT). If the user supplied credentials "
13257
"match, the user is authenticated and can then request tickets for Kerberized "
13258
"services from the Ticket Granting Server (TGS). The service tickets allow "
13259
"the user to authenticate to the service without entering another username "
13260
"and password."
13261
msgstr ""
13262
13263
#: serverguide/C/network-auth.xml:1747(title)
8338
#: serverguide/C/network-auth.xml:1802(para)
8339
msgid "<application>Kerberos</application> is a network authentication system based on the principal of a trusted third party. The other two parties being the user and the service the user wishes to authenticate to. Not all services and applications can use Kerberos, but for those that can, it brings the network environment one step closer to being Single Sign On (SSO)."
8340
msgstr ""
8341
8342
#: serverguide/C/network-auth.xml:1808(para)
8343
msgid "This section covers installation and configuration of a Kerberos server, and some example client configurations."
8344
msgstr ""
8345
8346
#: serverguide/C/network-auth.xml:1815(para)
8347
msgid "If you are new to Kerberos there are a few terms that are good to understand before setting up a Kerberos server. Most of the terms will relate to things you may be familiar with in other environments:"
8348
msgstr ""
8349
8350
#: serverguide/C/network-auth.xml:1822(para)
8351
msgid "<emphasis>Principal:</emphasis> any users, computers, and services provided by servers need to be defined as Kerberos Principals."
8352
msgstr ""
8353
8354
#: serverguide/C/network-auth.xml:1827(para)
8355
msgid "<emphasis>Instances:</emphasis> are used for service principals and special administrative principals."
8356
msgstr ""
8357
8358
#: serverguide/C/network-auth.xml:1832(para)
8359
msgid "<emphasis>Realms:</emphasis> the unique realm of control provided by the Kerberos installation. Usually the DNS domain converted to uppercase (EXAMPLE.COM)."
8360
msgstr ""
8361
8362
#: serverguide/C/network-auth.xml:1838(para)
8363
msgid "<emphasis>Key Distribution Center:</emphasis> (KDC) consist of three parts, a database of all principals, the authentication server, and the ticket granting server. For each realm there must be at least one KDC."
8364
msgstr ""
8365
8366
#: serverguide/C/network-auth.xml:1844(para)
8367
msgid "<emphasis>Ticket Granting Ticket:</emphasis> issued by the Authentication Server (AS), the Ticket Granting Ticket (TGT) is encrypted in the user's password which is known only to the user and the KDC."
8368
msgstr ""
8369
8370
#: serverguide/C/network-auth.xml:1850(para)
8371
msgid "<emphasis>Ticket Granting Server:</emphasis> (TGS) issues service tickets to clients upon request."
8372
msgstr ""
8373
8374
#: serverguide/C/network-auth.xml:1855(para)
8375
msgid "<emphasis>Tickets:</emphasis> confirm the identity of the two principals. One principal being a user and the other a service requested by the user. Tickets establish an encryption key used for secure communication during the authenticated session."
8376
msgstr ""
8377
8378
#: serverguide/C/network-auth.xml:1861(para)
8379
msgid "<emphasis>Keytab Files:</emphasis> are files extracted from the KDC principal database and contain the encryption key for a service or host."
8380
msgstr ""
8381
8382
#: serverguide/C/network-auth.xml:1868(para)
8383
msgid "To put the pieces together, a Realm has at least one KDC, preferably two for redundancy, which contains a database of Principals. When a user principal logs into a workstation, configured for Kerberos authentication, the KDC issues a Ticket Granting Ticket (TGT). If the user supplied credentials match, the user is authenticated and can then request tickets for Kerberized services from the Ticket Granting Server (TGS). The service tickets allow the user to authenticate to the service without entering another username and password."
8384
msgstr ""
8385
8386
#: serverguide/C/network-auth.xml:1877(title)
13264
8387
msgid "Kerberos Server"
13265
8388
msgstr ""
13266
8389
13267
#: serverguide/C/network-auth.xml:1751(para)
13268
msgid ""
13269
"Before installing the Kerberos server a properly configured DNS server is "
13270
"needed for your domain. Since the Kerberos Realm by convention matches the "
13271
"domain name, this section uses the <emphasis>example.com</emphasis> domain "
13272
"configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
13273
msgstr ""
13274
13275
#: serverguide/C/network-auth.xml:1757(para)
13276
msgid ""
13277
"Also, Kerberos is a time sensitive protocol. So if the local system time "
13278
"between a client machine and the server differs by more than five minutes "
13279
"(by default), the workstation will not be able to authenticate. To correct "
13280
"the problem all hosts should have their time synchronized using the "
13281
"<emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up "
13282
"NTP see <xref linkend=\"NTP\"/>."
13283
msgstr ""
13284
13285
#: serverguide/C/network-auth.xml:1764(para)
13286
msgid ""
13287
"The first step in installing a Kerberos Realm is to install the "
13288
"<application>krb5-kdc</application> and <application>krb5-admin-"
13289
"server</application> packages. From a terminal enter:"
13290
msgstr ""
13291
13292
#: serverguide/C/network-auth.xml:1770(command) serverguide/C/network-auth.xml:1945(command)
8390
#: serverguide/C/network-auth.xml:1881(para)
8391
msgid "Before installing the Kerberos server a properly configured DNS server is needed for your domain. Since the Kerberos Realm by convention matches the domain name, this section uses the <emphasis>example.com</emphasis> domain configured in <xref linkend=\"dns-primarymaster-configuration\"/>."
8392
msgstr ""
8393
8394
#: serverguide/C/network-auth.xml:1887(para)
8395
msgid "Also, Kerberos is a time sensitive protocol. So if the local system time between a client machine and the server differs by more than five minutes (by default), the workstation will not be able to authenticate. To correct the problem all hosts should have their time synchronized using the <emphasis>Network Time Protocol (NTP)</emphasis>. For details on setting up NTP see <xref linkend=\"NTP\"/>."
8396
msgstr ""
8397
8398
#: serverguide/C/network-auth.xml:1894(para)
8399
msgid "The first step in installing a Kerberos Realm is to install the <application>krb5-kdc</application> and <application>krb5-admin-server</application> packages. From a terminal enter:"
8400
msgstr ""
8401
8402
#: serverguide/C/network-auth.xml:1900(command) serverguide/C/network-auth.xml:2075(command)
13293
8403
msgid "sudo apt-get install krb5-kdc krb5-admin-server"
13294
8404
msgstr ""
13295
8405
13296
#: serverguide/C/network-auth.xml:1773(para)
13297
msgid ""
13298
"You will be asked at the end of the install to supply a name for the "
13299
"Kerberos and Admin servers, which may or may not be the same server, for the "
13300
"realm."
13301
msgstr ""
13302
13303
#: serverguide/C/network-auth.xml:1778(para)
13304
msgid ""
13305
"Next, create the new realm with the <application>kdb5_newrealm</application> "
13306
"utility:"
13307
msgstr ""
13308
13309
#: serverguide/C/network-auth.xml:1783(command)
8406
#: serverguide/C/network-auth.xml:1903(para)
8407
msgid "You will be asked at the end of the install to supply a name for the Kerberos and Admin servers, which may or may not be the same server, for the realm."
8408
msgstr ""
8409
8410
#: serverguide/C/network-auth.xml:1908(para)
8411
msgid "Next, create the new realm with the <application>kdb5_newrealm</application> utility:"
8412
msgstr ""
8413
8414
#: serverguide/C/network-auth.xml:1913(command)
13310
8415
msgid "sudo krb5_newrealm"
13311
8416
msgstr ""
13312
8417
13313
#: serverguide/C/network-auth.xml:1790(para)
13314
msgid ""
13315
"The questions asked during installation are used to configure the "
13316
"<filename>/etc/krb5.conf</filename> file. If you need to adjust the Key "
13317
"Distribution Center (KDC) settings simply edit the file and restart the "
13318
"<application>krb5-kdc</application> daemon."
13319
msgstr ""
13320
13321
#: serverguide/C/network-auth.xml:1798(para)
13322
msgid ""
13323
"Now that the KDC running an admin user is needed. It is recommended to use a "
13324
"different username from your everyday username. Using the "
13325
"<application>kadmin.local</application> utility in a terminal prompt enter:"
13326
msgstr ""
13327
13328
#: serverguide/C/network-auth.xml:1804(command) serverguide/C/network-auth.xml:2595(command)
8418
#: serverguide/C/network-auth.xml:1920(para)
8419
msgid "The questions asked during installation are used to configure the <filename>/etc/krb5.conf</filename> file. If you need to adjust the Key Distribution Center (KDC) settings simply edit the file and restart the <application>krb5-kdc</application> daemon."
8420
msgstr ""
8421
8422
#: serverguide/C/network-auth.xml:1928(para)
8423
msgid "Now that the KDC running an admin user is needed. It is recommended to use a different username from your everyday username. Using the <application>kadmin.local</application> utility in a terminal prompt enter:"
8424
msgstr ""
8425
8426
#: serverguide/C/network-auth.xml:1934(command) serverguide/C/network-auth.xml:2725(command)
13329
8427
msgid "sudo kadmin.local"
13330
8428
msgstr ""
13331
8429
13332
#: serverguide/C/network-auth.xml:1805(computeroutput)
8430
#: serverguide/C/network-auth.xml:1935(computeroutput)
13333
8431
#, no-wrap
13334
msgid ""
13335
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
13336
"kadmin.local:"
8432
msgid "Authenticating as principal root/admin@EXAMPLE.COM with password.\nkadmin.local:"
13337
8433
msgstr ""
13338
8434
13339
#: serverguide/C/network-auth.xml:1806(userinput)
8435
#: serverguide/C/network-auth.xml:1936(userinput)
13340
8436
#, no-wrap
13341
8437
msgid " addprinc steve/admin"
13342
8438
msgstr ""
13343
8439
13344
#: serverguide/C/network-auth.xml:1807(computeroutput)
8440
#: serverguide/C/network-auth.xml:1937(computeroutput)
13345
8441
#, no-wrap
13346
msgid ""
13347
"WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no "
13348
"policy\n"
13349
"Enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
13350
"Re-enter password for principal \"steve/admin@EXAMPLE.COM\": \n"
13351
"Principal \"steve/admin@EXAMPLE.COM\" created.\n"
13352
"kadmin.local:"
8442
msgid "WARNING: no policy specified for steve/admin@EXAMPLE.COM; defaulting to no policy\nEnter password for principal \"steve/admin@EXAMPLE.COM\": \nRe-enter password for principal \"steve/admin@EXAMPLE.COM\": \nPrincipal \"steve/admin@EXAMPLE.COM\" created.\nkadmin.local:"
13353
8443
msgstr ""
13354
8444
13355
#: serverguide/C/network-auth.xml:1811(userinput)
8445
#: serverguide/C/network-auth.xml:1941(userinput)
13356
8446
#, no-wrap
13357
8447
msgid " quit"
13358
8448
msgstr ""
13359
8449
13360
#: serverguide/C/network-auth.xml:1814(para)
13361
msgid ""
13362
"In the above example <emphasis role=\"italic\">steve</emphasis> is the "
13363
"<emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> "
13364
"is an <emphasis>Instance</emphasis>, and <emphasis "
13365
"role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis "
13366
"role=\"italic\">\"every day\"</emphasis> Principal would be "
13367
"<emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user "
13368
"rights."
13369
msgstr ""
13370
13371
#: serverguide/C/network-auth.xml:1822(para)
13372
msgid ""
13373
"Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with "
13374
"your Realm and admin username."
13375
msgstr ""
13376
13377
#: serverguide/C/network-auth.xml:1830(para)
13378
msgid ""
13379
"Next, the new admin user needs to have the appropriate Access Control List "
13380
"(ACL) permissions. The permissions are configured in the "
13381
"<filename>/etc/krb5kdc/kadm5.acl</filename> file:"
13382
msgstr ""
13383
13384
#: serverguide/C/network-auth.xml:1835(programlisting)
8450
#: serverguide/C/network-auth.xml:1944(para)
8451
msgid "In the above example <emphasis role=\"italic\">steve</emphasis> is the <emphasis>Principal</emphasis>, <emphasis role=\"italic\">/admin</emphasis> is an <emphasis>Instance</emphasis>, and <emphasis role=\"italic\">@EXAMPLE.COM</emphasis> signifies the realm. The <emphasis role=\"italic\">\"every day\"</emphasis> Principal would be <emphasis>steve@EXAMPLE.COM</emphasis>, and should have only normal user rights."
8452
msgstr ""
8453
8454
#: serverguide/C/network-auth.xml:1952(para)
8455
msgid "Replace <emphasis>EXAMPLE.COM</emphasis> and <emphasis>steve</emphasis> with your Realm and admin username."
8456
msgstr ""
8457
8458
#: serverguide/C/network-auth.xml:1960(para)
8459
msgid "Next, the new admin user needs to have the appropriate Access Control List (ACL) permissions. The permissions are configured in the <filename>/etc/krb5kdc/kadm5.acl</filename> file:"
8460
msgstr ""
8461
8462
#: serverguide/C/network-auth.xml:1965(programlisting)
13385
8463
#, no-wrap
13386
msgid ""
13387
"\n"
13388
"steve/admin@EXAMPLE.COM *\n"
13389
msgstr ""
13390
13391
#: serverguide/C/network-auth.xml:1839(para)
13392
msgid ""
13393
"This entry grants <emphasis>steve/admin</emphasis> the ability to perform "
13394
"any operation on all principals in the realm."
13395
msgstr ""
13396
13397
#: serverguide/C/network-auth.xml:1846(para)
13398
msgid ""
13399
"Now restart the <application>krb5-admin-server</application> for the new ACL "
13400
"to take affect:"
13401
msgstr ""
13402
13403
#: serverguide/C/network-auth.xml:1851(command)
8464
msgid "\nsteve/admin@EXAMPLE.COM *\n"
8465
msgstr ""
8466
8467
#: serverguide/C/network-auth.xml:1969(para)
8468
msgid "This entry grants <emphasis>steve/admin</emphasis> the ability to perform any operation on all principals in the realm."
8469
msgstr ""
8470
8471
#: serverguide/C/network-auth.xml:1976(para)
8472
msgid "Now restart the <application>krb5-admin-server</application> for the new ACL to take affect:"
8473
msgstr ""
8474
8475
#: serverguide/C/network-auth.xml:1981(command)
13404
8476
msgid "sudo /etc/init.d/krb5-admin-server restart"
13405
8477
msgstr ""
13406
8478
13407
#: serverguide/C/network-auth.xml:1857(para)
13408
msgid ""
13409
"The new user principal can be tested using the <application>kinit "
13410
"utility</application>:"
8479
#: serverguide/C/network-auth.xml:1987(para)
8480
msgid "The new user principal can be tested using the <application>kinit utility</application>:"
13411
8481
msgstr ""
13412
8482
13413
#: serverguide/C/network-auth.xml:1862(command)
8483
#: serverguide/C/network-auth.xml:1992(command)
13414
8484
msgid "kinit steve/admin"
13415
8485
msgstr ""
13416
8486
13417
#: serverguide/C/network-auth.xml:1863(computeroutput)
8487
#: serverguide/C/network-auth.xml:1993(computeroutput)
13418
8488
#, no-wrap
13419
8489
msgid "steve/admin@EXAMPLE.COM's Password:"
13420
8490
msgstr ""
13421
8491
13422
#: serverguide/C/network-auth.xml:1866(para)
13423
msgid ""
13424
"After entering the password, use the <application>klist</application> "
13425
"utility to view information about the Ticket Granting Ticket (TGT):"
8492
#: serverguide/C/network-auth.xml:1996(para)
8493
msgid "After entering the password, use the <application>klist</application> utility to view information about the Ticket Granting Ticket (TGT):"
13426
8494
msgstr ""
13427
8495
13428
#: serverguide/C/network-auth.xml:1872(command) serverguide/C/network-auth.xml:2207(command)
8496
#: serverguide/C/network-auth.xml:2002(command) serverguide/C/network-auth.xml:2337(command)
13429
8497
msgid "klist"
13430
8498
msgstr ""
13431
8499
13432
#: serverguide/C/network-auth.xml:1873(computeroutput)
13433
#, no-wrap
13434
msgid ""
13435
"Credentials cache: FILE:/tmp/krb5cc_1000\n"
13436
" Principal: steve/admin@EXAMPLE.COM\n"
13437
"\n"
13438
" Issued Expires Principal\n"
13439
"Jul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
13440
msgstr ""
13441
13442
#: serverguide/C/network-auth.xml:1880(para)
13443
msgid ""
13444
"You may need to add an entry into the <filename>/etc/hosts</filename> for "
13445
"the KDC. For example:"
13446
msgstr ""
13447
13448
#: serverguide/C/network-auth.xml:1884(programlisting)
13449
#, no-wrap
13450
msgid ""
13451
"\n"
13452
"192.168.0.1 kdc01.example.com kdc01\n"
13453
msgstr ""
13454
13455
#: serverguide/C/network-auth.xml:1888(para)
13456
msgid ""
13457
"Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
13458
msgstr ""
13459
13460
#: serverguide/C/network-auth.xml:1895(para)
13461
msgid ""
13462
"In order for clients to determine the KDC for the Realm some DNS SRV records "
13463
"are needed. Add the following to "
13464
"<filename>/etc/named/db.example.com</filename>:"
13465
msgstr ""
13466
13467
#: serverguide/C/network-auth.xml:1900(programlisting)
13468
#, no-wrap
13469
msgid ""
13470
"\n"
13471
"_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
13472
"_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n"
13473
"_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
13474
"_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n"
13475
"_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n"
13476
"_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
13477
msgstr ""
13478
13479
#: serverguide/C/network-auth.xml:1910(para)
13480
msgid ""
13481
"Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and "
13482
"<emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary "
13483
"KDC."
13484
msgstr ""
13485
13486
#: serverguide/C/network-auth.xml:1916(para)
13487
msgid ""
13488
"See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
13489
msgstr ""
13490
13491
#: serverguide/C/network-auth.xml:1923(para)
8500
#: serverguide/C/network-auth.xml:2003(computeroutput)
8501
#, no-wrap
8502
msgid "Credentials cache: FILE:/tmp/krb5cc_1000\n Principal: steve/admin@EXAMPLE.COM\n\n Issued Expires Principal\nJul 13 17:53:34 Jul 14 03:53:34 krbtgt/EXAMPLE.COM@EXAMPLE.COM"
8503
msgstr ""
8504
8505
#: serverguide/C/network-auth.xml:2010(para)
8506
msgid "You may need to add an entry into the <filename>/etc/hosts</filename> for the KDC. For example:"
8507
msgstr ""
8508
8509
#: serverguide/C/network-auth.xml:2014(programlisting)
8510
#, no-wrap
8511
msgid "\n192.168.0.1 kdc01.example.com kdc01\n"
8512
msgstr ""
8513
8514
#: serverguide/C/network-auth.xml:2018(para)
8515
msgid "Replacing <emphasis>192.168.0.1</emphasis> with the IP address of your KDC."
8516
msgstr ""
8517
8518
#: serverguide/C/network-auth.xml:2025(para)
8519
msgid "In order for clients to determine the KDC for the Realm some DNS SRV records are needed. Add the following to <filename>/etc/named/db.example.com</filename>:"
8520
msgstr ""
8521
8522
#: serverguide/C/network-auth.xml:2030(programlisting)
8523
#, no-wrap
8524
msgid "\n_kerberos._udp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n_kerberos._tcp.EXAMPLE.COM. IN SRV 1 0 88 kdc01.example.com.\n_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n_kerberos._tcp.EXAMPLE.COM. IN SRV 10 0 88 kdc02.example.com. \n_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 1 0 749 kdc01.example.com.\n_kpasswd._udp.EXAMPLE.COM. IN SRV 1 0 464 kdc01.example.com.\n"
8525
msgstr ""
8526
8527
#: serverguide/C/network-auth.xml:2040(para)
8528
msgid "Replace <emphasis>EXAMPLE.COM</emphasis>, <emphasis>kdc01</emphasis>, and <emphasis>kdc02</emphasis> with your domain name, primary KDC, and secondary KDC."
8529
msgstr ""
8530
8531
#: serverguide/C/network-auth.xml:2046(para)
8532
msgid "See <xref linkend=\"dns\"/> for detailed instructions on setting up DNS."
8533
msgstr ""
8534
8535
#: serverguide/C/network-auth.xml:2053(para)
13492
8536
msgid "Your new Kerberos Realm is now ready to authenticate clients."
13493
8537
msgstr ""
13494
8538
13495
#: serverguide/C/network-auth.xml:1930(title)
8539
#: serverguide/C/network-auth.xml:2060(title)
13496
8540
msgid "Secondary KDC"
13497
8541
msgstr ""
13498
8542
13499
#: serverguide/C/network-auth.xml:1932(para)
13500
msgid ""
13501
"Once you have one Key Distribution Center (KDC) on your network, it is good "
13502
"practice to have a Secondary KDC in case the primary becomes unavailable."
13503
msgstr ""
13504
13505
#: serverguide/C/network-auth.xml:1940(para)
13506
msgid ""
13507
"First, install the packages, and when asked for the Kerberos and Admin "
13508
"server names enter the name of the Primary KDC:"
13509
msgstr ""
13510
13511
#: serverguide/C/network-auth.xml:1951(para)
13512
msgid ""
13513
"Once you have the packages installed, create the Secondary KDC's host "
13514
"principal. From a terminal prompt, enter:"
13515
msgstr ""
13516
13517
#: serverguide/C/network-auth.xml:1956(command)
8543
#: serverguide/C/network-auth.xml:2062(para)
8544
msgid "Once you have one Key Distribution Center (KDC) on your network, it is good practice to have a Secondary KDC in case the primary becomes unavailable."
8545
msgstr ""
8546
8547
#: serverguide/C/network-auth.xml:2070(para)
8548
msgid "First, install the packages, and when asked for the Kerberos and Admin server names enter the name of the Primary KDC:"
8549
msgstr ""
8550
8551
#: serverguide/C/network-auth.xml:2081(para)
8552
msgid "Once you have the packages installed, create the Secondary KDC's host principal. From a terminal prompt, enter:"
8553
msgstr ""
8554
8555
#: serverguide/C/network-auth.xml:2086(command)
13518
8556
msgid "kadmin -q \"addprinc -randkey host/kdc02.example.com\""
13519
8557
msgstr ""
13520
8558
13521
#: serverguide/C/network-auth.xml:1960(para)
13522
msgid ""
13523
"After, issuing any <application>kadmin</application> commands you will be "
13524
"prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal "
13525
"password."
8559
#: serverguide/C/network-auth.xml:2090(para)
8560
msgid "After, issuing any <application>kadmin</application> commands you will be prompted for your <emphasis>username/admin@EXAMPLE.COM</emphasis> principal password."
13526
8561
msgstr ""
13527
8562
13528
#: serverguide/C/network-auth.xml:1969(para)
8563
#: serverguide/C/network-auth.xml:2099(para)
13529
8564
msgid "Extract the <emphasis>keytab</emphasis> file:"
13530
8565
msgstr ""
13531
8566
13532
#: serverguide/C/network-auth.xml:1974(command)
8567
#: serverguide/C/network-auth.xml:2104(command)
13533
8568
msgid "kadmin -q \"ktadd -k keytab.kdc02 host/kdc02.example.com\""
13534
8569
msgstr ""
13535
8570
13536
#: serverguide/C/network-auth.xml:1980(para)
13537
msgid ""
13538
"There should now be a <filename>keytab.kdc02</filename> in the current "
13539
"directory, move the file to <filename>/etc/krb5.keytab</filename>:"
8571
#: serverguide/C/network-auth.xml:2110(para)
8572
msgid "There should now be a <filename>keytab.kdc02</filename> in the current directory, move the file to <filename>/etc/krb5.keytab</filename>:"
13540
8573
msgstr ""
13541
8574
13542
#: serverguide/C/network-auth.xml:1986(command)
8575
#: serverguide/C/network-auth.xml:2116(command)
13543
8576
msgid "sudo mv keytab.kdc02 /etc/krb5.keytab"
13544
8577
msgstr ""
13545
8578
13546
#: serverguide/C/network-auth.xml:1990(para)
13547
msgid ""
13548
"If the path to the <filename>keytab.kdc02</filename> file is different "
13549
"adjust accordingly."
13550
msgstr ""
13551
13552
#: serverguide/C/network-auth.xml:1995(para)
13553
msgid ""
13554
"Also, you can list the principals in a Keytab file, which can be useful when "
13555
"troubleshooting, using the <application>klist</application> utility:"
13556
msgstr ""
13557
13558
#: serverguide/C/network-auth.xml:2001(command)
8579
#: serverguide/C/network-auth.xml:2120(para)
8580
msgid "If the path to the <filename>keytab.kdc02</filename> file is different adjust accordingly."
8581
msgstr ""
8582
8583
#: serverguide/C/network-auth.xml:2125(para)
8584
msgid "Also, you can list the principals in a Keytab file, which can be useful when troubleshooting, using the <application>klist</application> utility:"
8585
msgstr ""
8586
8587
#: serverguide/C/network-auth.xml:2131(command)
13559
8588
msgid "sudo klist -k /etc/krb5.keytab"
13560
8589
msgstr ""
13561
8590
13562
#: serverguide/C/network-auth.xml:2007(para)
13563
msgid ""
13564
"Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC "
13565
"that lists all KDCs for the Realm. For example, on both primary and "
13566
"secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
8591
#: serverguide/C/network-auth.xml:2137(para)
8592
msgid "Next, there needs to be a <filename>kpropd.acl</filename> file on each KDC that lists all KDCs for the Realm. For example, on both primary and secondary KDC, create <filename>/etc/krb5kdc/kpropd.acl</filename>:"
13567
8593
msgstr ""
13568
8594
13569
#: serverguide/C/network-auth.xml:2012(programlisting)
8595
#: serverguide/C/network-auth.xml:2142(programlisting)
13570
8596
#, no-wrap
13571
msgid ""
13572
"\n"
13573
"host/kdc01.example.com@EXAMPLE.COM\n"
13574
"host/kdc02.example.com@EXAMPLE.COM\n"
8597
msgid "\nhost/kdc01.example.com@EXAMPLE.COM\nhost/kdc02.example.com@EXAMPLE.COM\n"
13575
8598
msgstr ""
13576
8599
13577
#: serverguide/C/network-auth.xml:2020(para)
8600
#: serverguide/C/network-auth.xml:2150(para)
13578
8601
msgid "Create an empty database on the <emphasis>Secondary KDC</emphasis>:"
13579
8602
msgstr ""
13580
8603
13581
#: serverguide/C/network-auth.xml:2025(command)
8604
#: serverguide/C/network-auth.xml:2155(command)
13582
8605
msgid "sudo kdb5_util -s create"
13583
8606
msgstr ""
13584
8607
13585
#: serverguide/C/network-auth.xml:2031(para)
13586
msgid ""
13587
"Now start the <application>kpropd</application> daemon, which listens for "
13588
"connections from the <application>kprop</application> utility. "
13589
"<application>kprop</application> is used to transfer dump files:"
8608
#: serverguide/C/network-auth.xml:2161(para)
8609
msgid "Now start the <application>kpropd</application> daemon, which listens for connections from the <application>kprop</application> utility. <application>kprop</application> is used to transfer dump files:"
13590
8610
msgstr ""
13591
8611
13592
#: serverguide/C/network-auth.xml:2038(command)
8612
#: serverguide/C/network-auth.xml:2168(command)
13593
8613
msgid "sudo kpropd -S"
13594
8614
msgstr ""
13595
8615
13596
#: serverguide/C/network-auth.xml:2044(para)
13597
msgid ""
13598
"From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file "
13599
"of the principal database:"
8616
#: serverguide/C/network-auth.xml:2174(para)
8617
msgid "From a terminal on the <emphasis>Primary KDC</emphasis>, create a dump file of the principal database:"
13600
8618
msgstr ""
13601
8619
13602
#: serverguide/C/network-auth.xml:2049(command)
8620
#: serverguide/C/network-auth.xml:2179(command)
13603
8621
msgid "sudo kdb5_util dump /var/lib/krb5kdc/dump"
13604
8622
msgstr ""
13605
8623
13606
#: serverguide/C/network-auth.xml:2055(para)
13607
msgid ""
13608
"Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to "
13609
"<filename>/etc/krb5.keytab</filename>:"
8624
#: serverguide/C/network-auth.xml:2185(para)
8625
msgid "Extract the Primary KDC's <emphasis>keytab</emphasis> file and copy it to <filename>/etc/krb5.keytab</filename>:"
13610
8626
msgstr ""
13611
8627
13612
#: serverguide/C/network-auth.xml:2060(command)
8628
#: serverguide/C/network-auth.xml:2190(command)
13613
8629
msgid "kadmin -q \"ktadd -k keytab.kdc01 host/kdc01.example.com\""
13614
8630
msgstr ""
13615
8631
13616
#: serverguide/C/network-auth.xml:2061(command)
8632
#: serverguide/C/network-auth.xml:2191(command)
13617
8633
msgid "sudo mv keytab.kdc01 /etc/kr5b.keytab"
13618
8634
msgstr ""
13619
8635
13620
#: serverguide/C/network-auth.xml:2065(para)
13621
msgid ""
13622
"Make sure there is a <emphasis>host</emphasis> for "
13623
"<emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
13624
msgstr ""
13625
13626
#: serverguide/C/network-auth.xml:2073(para)
13627
msgid ""
13628
"Using the <application>kprop</application> utility push the database to the "
13629
"Secondary KDC:"
13630
msgstr ""
13631
13632
#: serverguide/C/network-auth.xml:2078(command)
8636
#: serverguide/C/network-auth.xml:2195(para)
8637
msgid "Make sure there is a <emphasis>host</emphasis> for <emphasis>kdc01.example.com</emphasis> before extracting the Keytab."
8638
msgstr ""
8639
8640
#: serverguide/C/network-auth.xml:2203(para)
8641
msgid "Using the <application>kprop</application> utility push the database to the Secondary KDC:"
8642
msgstr ""
8643
8644
#: serverguide/C/network-auth.xml:2208(command)
13633
8645
msgid "sudo kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com"
13634
8646
msgstr ""
13635
8647
13636
#: serverguide/C/network-auth.xml:2082(para)
13637
msgid ""
13638
"There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation "
13639
"worked. If there is an error message check "
13640
"<filename>/var/log/syslog</filename> on the secondary KDC for more "
13641
"information."
13642
msgstr ""
13643
13644
#: serverguide/C/network-auth.xml:2088(para)
13645
msgid ""
13646
"You may also want to create a <application>cron</application> job to "
13647
"periodically update the database on the Secondary KDC. For example, the "
13648
"following will push the database every hour:"
13649
msgstr ""
13650
13651
#: serverguide/C/network-auth.xml:2093(programlisting)
8648
#: serverguide/C/network-auth.xml:2212(para)
8649
msgid "There should be a <emphasis>SUCCEEDED</emphasis> message if the propagation worked. If there is an error message check <filename>/var/log/syslog</filename> on the secondary KDC for more information."
8650
msgstr ""
8651
8652
#: serverguide/C/network-auth.xml:2218(para)
8653
msgid "You may also want to create a <application>cron</application> job to periodically update the database on the Secondary KDC. For example, the following will push the database every hour:"
8654
msgstr ""
8655
8656
#: serverguide/C/network-auth.xml:2223(programlisting)
13652
8657
#, no-wrap
13653
msgid ""
13654
"\n"
13655
"# m h dom mon dow command\n"
13656
"0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && "
13657
"/usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
13658
msgstr ""
13659
13660
#: serverguide/C/network-auth.xml:2101(para)
13661
msgid ""
13662
"Back on the <emphasis>Secondary KDC</emphasis>, create a "
13663
"<emphasis>stash</emphasis> file to hold the Kerberos master key:"
13664
msgstr ""
13665
13666
#: serverguide/C/network-auth.xml:2107(command)
8658
msgid "\n# m h dom mon dow command\n0 * * * * /usr/sbin/kdb5_util dump /var/lib/krb5kdc/dump && /usr/sbin/kprop -r EXAMPLE.COM -f /var/lib/krb5kdc/dump kdc02.example.com\n"
8659
msgstr ""
8660
8661
#: serverguide/C/network-auth.xml:2231(para)
8662
msgid "Back on the <emphasis>Secondary KDC</emphasis>, create a <emphasis>stash</emphasis> file to hold the Kerberos master key:"
8663
msgstr ""
8664
8665
#: serverguide/C/network-auth.xml:2237(command)
13667
8666
msgid "sudo kdb5_util stash"
13668
8667
msgstr ""
13669
8668
13670
#: serverguide/C/network-auth.xml:2113(para)
13671
msgid ""
13672
"Finally, start the <application>krb5-kdc</application> daemon on the "
13673
"Secondary KDC:"
8669
#: serverguide/C/network-auth.xml:2243(para)
8670
msgid "Finally, start the <application>krb5-kdc</application> daemon on the Secondary KDC:"
13674
8671
msgstr ""
13675
8672
13676
#: serverguide/C/network-auth.xml:2118(command) serverguide/C/network-auth.xml:2725(command)
8673
#: serverguide/C/network-auth.xml:2248(command) serverguide/C/network-auth.xml:2855(command)
13677
8674
msgid "sudo /etc/init.d/krb5-kdc start"
13678
8675
msgstr ""
13679
8676
13680
#: serverguide/C/network-auth.xml:2124(para)
13681
msgid ""
13682
"The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets "
13683
"for the Realm. You can test this by stopping the <application>krb5-"
13684
"kdc</application> daemon on the Primary KDC, then use "
13685
"<application>kinit</application> to request a ticket. If all goes well you "
13686
"should receive a ticket from the Secondary KDC."
8677
#: serverguide/C/network-auth.xml:2254(para)
8678
msgid "The <emphasis>Secondary KDC</emphasis> should now be able to issue tickets for the Realm. You can test this by stopping the <application>krb5-kdc</application> daemon on the Primary KDC, then use <application>kinit</application> to request a ticket. If all goes well you should receive a ticket from the Secondary KDC."
13687
8679
msgstr ""
13688
8680
13689
#: serverguide/C/network-auth.xml:2132(title)
8681
#: serverguide/C/network-auth.xml:2262(title)
13690
8682
msgid "Kerberos Linux Client"
13691
8683
msgstr ""
13692
8684
13693
#: serverguide/C/network-auth.xml:2134(para)
13694
msgid ""
13695
"This section covers configuring a Linux system as a "
13696
"<application>Kerberos</application> client. This will allow access to any "
13697
"kerberized services once a user has successfully logged into the system."
13698
msgstr ""
13699
13700
#: serverguide/C/network-auth.xml:2142(para)
13701
msgid ""
13702
"In order to authenticate to a Kerberos Realm, the <application>krb5-"
13703
"user</application> and <application>libpam-krb5</application> packages are "
13704
"needed, along with a few others that are not strictly necessary but make "
13705
"life easier. To install the packages enter the following in a terminal "
13706
"prompt:"
13707
msgstr ""
13708
13709
#: serverguide/C/network-auth.xml:2149(command)
13710
msgid ""
13711
"sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
13712
msgstr ""
13713
13714
#: serverguide/C/network-auth.xml:2152(para)
13715
msgid ""
13716
"The <application>auth-client-config</application> package allows simple "
13717
"configuration of PAM for authentication from multiple sources, and the "
13718
"<application>libpam-ccreds</application> will cache authentication "
13719
"credentials allowing you to login in case the Key Distribution Center (KDC) "
13720
"is unavailable. This package is also useful for laptops that may "
13721
"authenticate using Kerberos while on the corporate network, but will need to "
13722
"be accessed off the network as well."
13723
msgstr ""
13724
13725
#: serverguide/C/network-auth.xml:2163(para)
8685
#: serverguide/C/network-auth.xml:2264(para)
8686
msgid "This section covers configuring a Linux system as a <application>Kerberos</application> client. This will allow access to any kerberized services once a user has successfully logged into the system."
8687
msgstr ""
8688
8689
#: serverguide/C/network-auth.xml:2272(para)
8690
msgid "In order to authenticate to a Kerberos Realm, the <application>krb5-user</application> and <application>libpam-krb5</application> packages are needed, along with a few others that are not strictly necessary but make life easier. To install the packages enter the following in a terminal prompt:"
8691
msgstr ""
8692
8693
#: serverguide/C/network-auth.xml:2279(command)
8694
msgid "sudo apt-get install krb5-user libpam-krb5 libpam-ccreds auth-client-config"
8695
msgstr ""
8696
8697
#: serverguide/C/network-auth.xml:2282(para)
8698
msgid "The <application>auth-client-config</application> package allows simple configuration of PAM for authentication from multiple sources, and the <application>libpam-ccreds</application> will cache authentication credentials allowing you to login in case the Key Distribution Center (KDC) is unavailable. This package is also useful for laptops that may authenticate using Kerberos while on the corporate network, but will need to be accessed off the network as well."
8699
msgstr ""
8700
8701
#: serverguide/C/network-auth.xml:2293(para)
13726
8702
msgid "To configure the client in a terminal enter:"
13727
8703
msgstr ""
13728
8704
13729
#: serverguide/C/network-auth.xml:2168(command)
8705
#: serverguide/C/network-auth.xml:2298(command)
13730
8706
msgid "sudo dpkg-reconfigure krb5-config"
13731
8707
msgstr ""
13732
8708
13733
#: serverguide/C/network-auth.xml:2171(para)
13734
msgid ""
13735
"You will then be prompted to enter the name of the Kerberos Realm. Also, if "
13736
"you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> "
13737
"records, the menu will prompt you for the hostname of the Key Distribution "
13738
"Center (KDC) and Realm Administration server."
13739
msgstr ""
13740
13741
#: serverguide/C/network-auth.xml:2177(para)
13742
msgid ""
13743
"The <application>dpkg-reconfigure</application> adds entries to the "
13744
"<filename>/etc/krb5.conf</filename> file for your Realm. You should have "
13745
"entries similar to the following:"
13746
msgstr ""
13747
13748
#: serverguide/C/network-auth.xml:2182(programlisting)
8709
#: serverguide/C/network-auth.xml:2301(para)
8710
msgid "You will then be prompted to enter the name of the Kerberos Realm. Also, if you don't have DNS configured with Kerberos <emphasis>SRV</emphasis> records, the menu will prompt you for the hostname of the Key Distribution Center (KDC) and Realm Administration server."
8711
msgstr ""
8712
8713
#: serverguide/C/network-auth.xml:2307(para)
8714
msgid "The <application>dpkg-reconfigure</application> adds entries to the <filename>/etc/krb5.conf</filename> file for your Realm. You should have entries similar to the following:"
8715
msgstr ""
8716
8717
#: serverguide/C/network-auth.xml:2312(programlisting)
13749
8718
#, no-wrap
13750
msgid ""
13751
"\n"
13752
"[libdefaults]\n"
13753
" default_realm = EXAMPLE.COM\n"
13754
"...\n"
13755
"[realms]\n"
13756
" EXAMPLE.COM = } \n"
13757
" kdc = 192.168.0.1 \n"
13758
" admin_server = 192.168.0.1\n"
13759
" }\n"
13760
msgstr ""
13761
13762
#: serverguide/C/network-auth.xml:2193(para)
13763
msgid ""
13764
"You can test the configuration by requesting a ticket using the "
13765
"<application>kinit</application> utility. For example:"
13766
msgstr ""
13767
13768
#: serverguide/C/network-auth.xml:2198(command)
8719
msgid "\n[libdefaults]\n default_realm = EXAMPLE.COM\n...\n[realms]\n EXAMPLE.COM = } \n kdc = 192.168.0.1 \n admin_server = 192.168.0.1\n }\n"
8720
msgstr ""
8721
8722
#: serverguide/C/network-auth.xml:2323(para)
8723
msgid "You can test the configuration by requesting a ticket using the <application>kinit</application> utility. For example:"
8724
msgstr ""
8725
8726
#: serverguide/C/network-auth.xml:2328(command)
13769
8727
msgid "kinit steve@EXAMPLE.COM"
13770
8728
msgstr ""
13771
8729
13772
#: serverguide/C/network-auth.xml:2199(computeroutput)
8730
#: serverguide/C/network-auth.xml:2329(computeroutput)
13773
8731
#, no-wrap
13774
8732
msgid "Password for steve@EXAMPLE.COM:"
13775
8733
msgstr ""
13776
8734
13777
#: serverguide/C/network-auth.xml:2202(para)
13778
msgid ""
13779
"When a ticket has been granted, the details can be viewed using "
13780
"<application>klist</application>:"
8735
#: serverguide/C/network-auth.xml:2332(para)
8736
msgid "When a ticket has been granted, the details can be viewed using <application>klist</application>:"
13781
8737
msgstr ""
13782
8738
13783
#: serverguide/C/network-auth.xml:2208(computeroutput)
8739
#: serverguide/C/network-auth.xml:2338(computeroutput)
13784
8740
#, no-wrap
13785
msgid ""
13786
"Ticket cache: FILE:/tmp/krb5cc_1000\n"
13787
"Default principal: steve@EXAMPLE.COM\n"
13788
"\n"
13789
"Valid starting Expires Service principal\n"
13790
"07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n"
13791
" renew until 07/25/08 05:18:57\n"
13792
"\n"
13793
"\n"
13794
"Kerberos 4 ticket cache: /tmp/tkt1000\n"
13795
"klist: You have no tickets cached"
13796
msgstr ""
13797
13798
#: serverguide/C/network-auth.xml:2220(para)
13799
msgid ""
13800
"Next, use the <application>auth-client-config</application> to configure the "
13801
"<application>libpam-krb5</application> module to request a ticket during "
13802
"login:"
13803
msgstr ""
13804
13805
#: serverguide/C/network-auth.xml:2226(command)
8741
msgid "Ticket cache: FILE:/tmp/krb5cc_1000\nDefault principal: steve@EXAMPLE.COM\n\nValid starting Expires Service principal\n07/24/08 05:18:56 07/24/08 15:18:56 krbtgt/EXAMPLE.COM@EXAMPLE.COM\n renew until 07/25/08 05:18:57\n\n\nKerberos 4 ticket cache: /tmp/tkt1000\nklist: You have no tickets cached"
8742
msgstr ""
8743
8744
#: serverguide/C/network-auth.xml:2350(para)
8745
msgid "Next, use the <application>auth-client-config</application> to configure the <application>libpam-krb5</application> module to request a ticket during login:"
8746
msgstr ""
8747
8748
#: serverguide/C/network-auth.xml:2356(command)
13806
8749
msgid "sudo auth-client-config -a -p kerberos_example"
13807
8750
msgstr ""
13808
8751
13809
#: serverguide/C/network-auth.xml:2229(para)
13810
msgid ""
13811
"You will should now receive a ticket upon successful login authentication."
13812
msgstr ""
13813
13814
#: serverguide/C/network-auth.xml:2240(para)
13815
msgid ""
13816
"For more information on Kerberos see the <ulink "
13817
"url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
13818
msgstr ""
13819
13820
#: serverguide/C/network-auth.xml:2245(para)
13821
msgid ""
13822
"O'Reilly's <ulink "
13823
"url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive "
13824
"Guide</ulink> is a great reference when setting up Kerberos."
13825
msgstr ""
13826
13827
#: serverguide/C/network-auth.xml:2251(para)
13828
msgid ""
13829
"Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC "
13830
"channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have "
13831
"Kerberos questions."
13832
msgstr ""
13833
13834
#: serverguide/C/network-auth.xml:2261(title)
8752
#: serverguide/C/network-auth.xml:2359(para)
8753
msgid "You will should now receive a ticket upon successful login authentication."
8754
msgstr ""
8755
8756
#: serverguide/C/network-auth.xml:2370(para)
8757
msgid "For more information on Kerberos see the <ulink url=\"http://web.mit.edu/Kerberos/\">MIT Kerberos</ulink> site."
8758
msgstr ""
8759
8760
#: serverguide/C/network-auth.xml:2375(para)
8761
msgid "O'Reilly's <ulink url=\"http://oreilly.com/catalog/9780596004033/\">Kerberos: The Definitive Guide</ulink> is a great reference when setting up Kerberos."
8762
msgstr ""
8763
8764
#: serverguide/C/network-auth.xml:2381(para)
8765
msgid "Also, feel free to stop by the <emphasis>#ubuntu-server</emphasis> IRC channel on <ulink url=\"http://freenode.net/\">Freenode</ulink> if you have Kerberos questions."
8766
msgstr ""
8767
8768
#: serverguide/C/network-auth.xml:2391(title)
13835
8769
msgid "Kerberos and LDAP"
13836
8770
msgstr ""
13837
8771
13838
#: serverguide/C/network-auth.xml:2263(para)
13839
msgid ""
13840
"Replicating a Kerberos principal database between two servers can be "
13841
"complicated, and adds an additional user database to your network. "
13842
"Fortunately, MIT Kerberos can be configured to use an "
13843
"<application>LDAP</application> directory as a principal database. This "
13844
"section covers configuring a primary and secondary kerberos server to use "
13845
"<application>OpenLDAP</application> for the principal database."
8772
#: serverguide/C/network-auth.xml:2393(para)
8773
msgid "Replicating a Kerberos principal database between two servers can be complicated, and adds an additional user database to your network. Fortunately, MIT Kerberos can be configured to use an <application>LDAP</application> directory as a principal database. This section covers configuring a primary and secondary kerberos server to use <application>OpenLDAP</application> for the principal database."
13846
8774
msgstr ""
13847
8775
13848
#: serverguide/C/network-auth.xml:2271(title)
8776
#: serverguide/C/network-auth.xml:2401(title)
13849
8777
msgid "Configuring OpenLDAP"
13850
8778
msgstr ""
13851
8779
13852
#: serverguide/C/network-auth.xml:2273(para)
13853
msgid ""
13854
"First, the necessary <emphasis>schema</emphasis> needs to be loaded on an "
13855
"<application>OpenLDAP</application> server that has network connectivity to "
13856
"the Primary and Secondary KDCs. The rest of this section assumes that you "
13857
"also have LDAP replication configured between at least two servers. For "
13858
"information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
13859
msgstr ""
13860
13861
#: serverguide/C/network-auth.xml:2280(para)
13862
msgid ""
13863
"It is also required to configure OpenLDAP for TLS and SSL connections, so "
13864
"that traffic between the KDC and LDAP server is encrypted. See <xref "
13865
"linkend=\"openldap-tls\"/> for details."
13866
msgstr ""
13867
13868
#: serverguide/C/network-auth.xml:2287(para)
13869
msgid ""
13870
"To load the schema into LDAP, on the LDAP server install the "
13871
"<application>krb5-kdc-ldap</application> package. From a terminal enter:"
13872
msgstr ""
13873
13874
#: serverguide/C/network-auth.xml:2293(command)
8780
#: serverguide/C/network-auth.xml:2403(para)
8781
msgid "First, the necessary <emphasis>schema</emphasis> needs to be loaded on an <application>OpenLDAP</application> server that has network connectivity to the Primary and Secondary KDCs. The rest of this section assumes that you also have LDAP replication configured between at least two servers. For information on setting up OpenLDAP see <xref linkend=\"openldap-server\"/>."
8782
msgstr ""
8783
8784
#: serverguide/C/network-auth.xml:2410(para)
8785
msgid "It is also required to configure OpenLDAP for TLS and SSL connections, so that traffic between the KDC and LDAP server is encrypted. See <xref linkend=\"openldap-tls\"/> for details."
8786
msgstr ""
8787
8788
#: serverguide/C/network-auth.xml:2417(para)
8789
msgid "To load the schema into LDAP, on the LDAP server install the <application>krb5-kdc-ldap</application> package. From a terminal enter:"
8790
msgstr ""
8791
8792
#: serverguide/C/network-auth.xml:2423(command)
13875
8793
msgid "sudo apt-get install krb5-kdc-ldap"
13876
8794
msgstr ""
13877
8795
13878
#: serverguide/C/network-auth.xml:2298(para)
8796
#: serverguide/C/network-auth.xml:2428(para)
13879
8797
msgid "Next, extract the <filename>kerberos.schema.gz</filename> file:"
13880
8798
msgstr ""
13881
8799
13882
#: serverguide/C/network-auth.xml:2303(command)
8800
#: serverguide/C/network-auth.xml:2433(command)
13883
8801
msgid "sudo gzip -d /usr/share/doc/krb5-kdc-ldap/kerberos.schema.gz"
13884
8802
msgstr ""
13885
8803
13886
#: serverguide/C/network-auth.xml:2304(command)
13887
msgid ""
13888
"sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
13889
msgstr ""
13890
13891
#: serverguide/C/network-auth.xml:2310(para)
13892
msgid ""
13893
"The <emphasis>kerberos</emphasis> schema needs to be added to the "
13894
"<emphasis>cn=config</emphasis> tree. The procedure to add a new schema to "
13895
"<application>slapd</application> is also detailed in <xref "
13896
"linkend=\"openldap-configuration\"/>."
13897
msgstr ""
13898
13899
#: serverguide/C/network-auth.xml:2323(programlisting)
8804
#: serverguide/C/network-auth.xml:2434(command)
8805
msgid "sudo cp /usr/share/doc/krb5-kdc-ldap/kerberos.schema /etc/ldap/schema/"
8806
msgstr ""
8807
8808
#: serverguide/C/network-auth.xml:2440(para)
8809
msgid "The <emphasis>kerberos</emphasis> schema needs to be added to the <emphasis>cn=config</emphasis> tree. The procedure to add a new schema to <application>slapd</application> is also detailed in <xref linkend=\"openldap-configuration\"/>."
8810
msgstr ""
8811
8812
#: serverguide/C/network-auth.xml:2453(programlisting)
13900
8813
#, no-wrap
13901
msgid ""
13902
"\n"
13903
"include /etc/ldap/schema/core.schema\n"
13904
"include /etc/ldap/schema/collective.schema\n"
13905
"include /etc/ldap/schema/corba.schema\n"
13906
"include /etc/ldap/schema/cosine.schema\n"
13907
"include /etc/ldap/schema/duaconf.schema\n"
13908
"include /etc/ldap/schema/dyngroup.schema\n"
13909
"include /etc/ldap/schema/inetorgperson.schema\n"
13910
"include /etc/ldap/schema/java.schema\n"
13911
"include /etc/ldap/schema/misc.schema\n"
13912
"include /etc/ldap/schema/nis.schema\n"
13913
"include /etc/ldap/schema/openldap.schema\n"
13914
"include /etc/ldap/schema/ppolicy.schema\n"
13915
"include /etc/ldap/schema/kerberos.schema\n"
8814
msgid "\ninclude /etc/ldap/schema/core.schema\ninclude /etc/ldap/schema/collective.schema\ninclude /etc/ldap/schema/corba.schema\ninclude /etc/ldap/schema/cosine.schema\ninclude /etc/ldap/schema/duaconf.schema\ninclude /etc/ldap/schema/dyngroup.schema\ninclude /etc/ldap/schema/inetorgperson.schema\ninclude /etc/ldap/schema/java.schema\ninclude /etc/ldap/schema/misc.schema\ninclude /etc/ldap/schema/nis.schema\ninclude /etc/ldap/schema/openldap.schema\ninclude /etc/ldap/schema/ppolicy.schema\ninclude /etc/ldap/schema/kerberos.schema\n"
13916
8815
msgstr ""
13917
8816
13918
#: serverguide/C/network-auth.xml:2343(para)
8817
#: serverguide/C/network-auth.xml:2473(para)
13919
8818
msgid "Create a temporary directory to hold the LDIF files:"
13920
8819
msgstr ""
13921
8820
13922
#: serverguide/C/network-auth.xml:2358(command)
13923
msgid ""
13924
"slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "
13925
"\"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
13926
msgstr ""
13927
13928
#: serverguide/C/network-auth.xml:2368(para)
13929
msgid ""
13930
"Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, "
13931
"changing the following attributes:"
13932
msgstr ""
13933
13934
#: serverguide/C/network-auth.xml:2372(programlisting)
8821
#: serverguide/C/network-auth.xml:2488(command)
8822
msgid "slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s \"cn={12}kerberos,cn=schema,cn=config\" > /tmp/cn=kerberos.ldif"
8823
msgstr ""
8824
8825
#: serverguide/C/network-auth.xml:2498(para)
8826
msgid "Edit the generated <filename>/tmp/cn\\=kerberos.ldif</filename> file, changing the following attributes:"
8827
msgstr ""
8828
8829
#: serverguide/C/network-auth.xml:2502(programlisting)
13935
8830
#, no-wrap
13936
msgid ""
13937
"\n"
13938
"dn: cn=kerberos,cn=schema,cn=config\n"
13939
"...\n"
13940
"cn: kerberos\n"
8831
msgid "\ndn: cn=kerberos,cn=schema,cn=config\n...\ncn: kerberos\n"
13941
8832
msgstr ""
13942
8833
13943
#: serverguide/C/network-auth.xml:2378(para)
8834
#: serverguide/C/network-auth.xml:2508(para)
13944
8835
msgid "And remove the following lines from the end of the file:"
13945
8836
msgstr ""
13946
8837
13947
#: serverguide/C/network-auth.xml:2382(programlisting)
8838
#: serverguide/C/network-auth.xml:2512(programlisting)
13948
8839
#, no-wrap
13949
msgid ""
13950
"\n"
13951
"structuralObjectClass: olcSchemaConfig\n"
13952
"entryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\n"
13953
"creatorsName: cn=config\n"
13954
"createTimestamp: 20090111203515Z\n"
13955
"entryCSN: 20090111203515.326445Z#000000#000#000000\n"
13956
"modifiersName: cn=config\n"
13957
"modifyTimestamp: 20090111203515Z\n"
8840
msgid "\nstructuralObjectClass: olcSchemaConfig\nentryUUID: 18ccd010-746b-102d-9fbe-3760cca765dc\ncreatorsName: cn=config\ncreateTimestamp: 20090111203515Z\nentryCSN: 20090111203515.326445Z#000000#000#000000\nmodifiersName: cn=config\nmodifyTimestamp: 20090111203515Z\n"
13958
8841
msgstr ""
13959
8842
13960
#: serverguide/C/network-auth.xml:2401(para)
8843
#: serverguide/C/network-auth.xml:2531(para)
13961
8844
msgid "Load the new schema with <application>ldapadd</application>:"
13962
8845
msgstr ""
13963
8846
13964
#: serverguide/C/network-auth.xml:2406(command)
8847
#: serverguide/C/network-auth.xml:2536(command)
13965
8848
msgid "ldapadd -x -D cn=admin,cn=config -W -f /tmp/cn\\=kerberos.ldif"
13966
8849
msgstr ""
13967
8850
13968
#: serverguide/C/network-auth.xml:2412(para)
13969
msgid ""
13970
"Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
8851
#: serverguide/C/network-auth.xml:2542(para)
8852
msgid "Add an index for the <emphasis>krb5principalname</emphasis> attribute:"
13971
8853
msgstr ""
13972
8854
13973
#: serverguide/C/network-auth.xml:2419(userinput)
8855
#: serverguide/C/network-auth.xml:2549(userinput)
13974
8856
#, no-wrap
13975
msgid ""
13976
"dn: olcDatabase={1}hdb,cn=config\n"
13977
"add: olcDbIndex\n"
13978
"olcDbIndex: krbPrincipalName eq,pres,sub"
8857
msgid "dn: olcDatabase={1}hdb,cn=config\nadd: olcDbIndex\nolcDbIndex: krbPrincipalName eq,pres,sub"
13979
8858
msgstr ""
13980
8859
13981
#: serverguide/C/network-auth.xml:2429(para)
8860
#: serverguide/C/network-auth.xml:2559(para)
13982
8861
msgid "Finally, update the Access Control Lists (ACL):"
13983
8862
msgstr ""
13984
8863
13985
#: serverguide/C/network-auth.xml:2436(userinput)
13986
#, no-wrap
13987
msgid ""
13988
"dn: olcDatabase={1}hdb,cn=config\n"
13989
"replace: olcAccess\n"
13990
"olcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by "
13991
"dn=\"cn=admin,dc=exampl\n"
13992
" e,dc=com\" write by anonymous auth by self write by * none\n"
13993
"-\n"
13994
"add: olcAccess\n"
13995
"olcAccess: to dn.base=\"\" by * read\n"
13996
"-\n"
13997
"add: olcAccess\n"
13998
"olcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
13999
msgstr ""
14000
14001
#: serverguide/C/network-auth.xml:2435(computeroutput)
14002
#, no-wrap
14003
msgid ""
14004
"Enter LDAP Password: \n"
14005
"<placeholder-1/>\n"
14006
"\n"
14007
"modifying entry \"olcDatabase={1}hdb,cn=config\"\n"
14008
msgstr ""
14009
14010
#: serverguide/C/network-auth.xml:2456(para)
14011
msgid ""
14012
"That's it, your LDAP directory is now ready to serve as a Kerberos principal "
14013
"database."
14014
msgstr ""
14015
14016
#: serverguide/C/network-auth.xml:2462(title)
8864
#: serverguide/C/network-auth.xml:2566(userinput)
8865
#, no-wrap
8866
msgid "dn: olcDatabase={1}hdb,cn=config\nreplace: olcAccess\nolcAccess: to attrs=userPassword,shadowLastChange,krbPrincipalKey by dn=\"cn=admin,dc=exampl\n e,dc=com\" write by anonymous auth by self write by * none\n-\nadd: olcAccess\nolcAccess: to dn.base=\"\" by * read\n-\nadd: olcAccess\nolcAccess: to * by dn=\"cn=admin,dc=example,dc=com\" write by * read"
8867
msgstr ""
8868
8869
#: serverguide/C/network-auth.xml:2565(computeroutput)
8870
#, no-wrap
8871
msgid "Enter LDAP Password: \n<placeholder-1/>\n\nmodifying entry \"olcDatabase={1}hdb,cn=config\"\n"
8872
msgstr ""
8873
8874
#: serverguide/C/network-auth.xml:2586(para)
8875
msgid "That's it, your LDAP directory is now ready to serve as a Kerberos principal database."
8876
msgstr ""
8877
8878
#: serverguide/C/network-auth.xml:2592(title)
14017
8879
msgid "Primary KDC Configuration"
14018
8880
msgstr ""
14019
8881
14020
#: serverguide/C/network-auth.xml:2464(para)
14021
msgid ""
14022
"With <application>OpenLDAP</application> configured it is time to configure "
14023
"the KDC."
8882
#: serverguide/C/network-auth.xml:2594(para)
8883
msgid "With <application>OpenLDAP</application> configured it is time to configure the KDC."
14024
8884
msgstr ""
14025
8885
14026
#: serverguide/C/network-auth.xml:2470(para)
8886
#: serverguide/C/network-auth.xml:2600(para)
14027
8887
msgid "First, install the necessary packages, from a terminal enter:"
14028
8888
msgstr ""
14029
8889
14030
#: serverguide/C/network-auth.xml:2475(command) serverguide/C/network-auth.xml:2632(command)
8890
#: serverguide/C/network-auth.xml:2605(command) serverguide/C/network-auth.xml:2762(command)
14031
8891
msgid "sudo apt-get install krb5-kdc krb5-admin-server krb5-kdc-ldap"
14032
8892
msgstr ""
14033
8893
14034
#: serverguide/C/network-auth.xml:2481(para)
14035
msgid ""
14036
"Now edit <filename>/etc/krb5.conf</filename> adding the following options to "
14037
"under the appropriate sections:"
8894
#: serverguide/C/network-auth.xml:2611(para)
8895
msgid "Now edit <filename>/etc/krb5.conf</filename> adding the following options to under the appropriate sections:"
14038
8896
msgstr ""
14039
8897
14040
#: serverguide/C/network-auth.xml:2485(programlisting)
8898
#: serverguide/C/network-auth.xml:2615(programlisting)
14041
8899
#, no-wrap
14042
msgid ""
14043
"\n"
14044
"[libdefaults]\n"
14045
" default_realm = EXAMPLE.COM\n"
14046
"\n"
14047
"...\n"
14048
"\n"
14049
"[realms]\n"
14050
" EXAMPLE.COM = {\n"
14051
" kdc = kdc01.example.com\n"
14052
" kdc = kdc02.example.com\n"
14053
" admin_server = kdc01.example.com\n"
14054
" admin_server = kdc02.example.com\n"
14055
" default_domain = example.com\n"
14056
" database_module = openldap_ldapconf\n"
14057
" }\n"
14058
"\n"
14059
"...\n"
14060
"\n"
14061
"[domain_realm]\n"
14062
" .example.com = EXAMPLE.COM\n"
14063
"\n"
14064
"\n"
14065
"...\n"
14066
"\n"
14067
"[dbdefaults]\n"
14068
" ldap_kerberos_container_dn = dc=example,dc=com\n"
14069
"\n"
14070
"[dbmodules]\n"
14071
" openldap_ldapconf = {\n"
14072
" db_library = kldap\n"
14073
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
14074
"\n"
14075
" # this object needs to have read rights on\n"
14076
" # the realm container, principal container and realm sub-"
14077
"trees\n"
14078
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
14079
"\n"
14080
" # this object needs to have read and write rights on\n"
14081
" # the realm container, principal container and realm sub-"
14082
"trees\n"
14083
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
14084
" ldap_servers = ldaps://ldap01.example.com "
14085
"ldaps://ldap02.example.com\n"
14086
" ldap_conns_per_server = 5\n"
14087
" }\n"
14088
msgstr ""
14089
14090
#: serverguide/C/network-auth.xml:2530(para)
14091
msgid ""
14092
"Change <emphasis>example.com</emphasis>, "
14093
"<emphasis>dc=example,dc=com</emphasis>, "
14094
"<emphasis>cn=admin,dc=example,dc=com</emphasis>, and "
14095
"<emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP "
14096
"object, and LDAP server for your network."
14097
msgstr ""
14098
14099
#: serverguide/C/network-auth.xml:2539(para)
14100
msgid ""
14101
"Next, use the <application>kdb5_ldap_util</application> utility to create "
14102
"the realm:"
14103
msgstr ""
14104
14105
#: serverguide/C/network-auth.xml:2544(command)
14106
msgid ""
14107
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees "
14108
"dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
14109
msgstr ""
14110
14111
#: serverguide/C/network-auth.xml:2550(para)
14112
msgid ""
14113
"Create a stash of the password used to bind to the LDAP server. This "
14114
"password is used by the <emphasis>ldap_kdc_dn</emphasis> and "
14115
"<emphasis>ldap_kadmin_dn</emphasis> options in "
14116
"<filename>/etc/krb5.conf</filename>:"
14117
msgstr ""
14118
14119
#: serverguide/C/network-auth.xml:2556(command) serverguide/C/network-auth.xml:2694(command)
14120
msgid ""
14121
"sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f "
14122
"/etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
14123
msgstr ""
14124
14125
#: serverguide/C/network-auth.xml:2562(para)
8900
msgid "\n[libdefaults]\n default_realm = EXAMPLE.COM\n\n...\n\n[realms]\n EXAMPLE.COM = {\n kdc = kdc01.example.com\n kdc = kdc02.example.com\n admin_server = kdc01.example.com\n admin_server = kdc02.example.com\n default_domain = example.com\n database_module = openldap_ldapconf\n }\n\n...\n\n[domain_realm]\n .example.com = EXAMPLE.COM\n\n\n...\n\n[dbdefaults]\n ldap_kerberos_container_dn = dc=example,dc=com\n\n[dbmodules]\n openldap_ldapconf = {\n db_library = kldap\n ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n\n # this object needs to have read rights on\n # the realm container, principal container and realm sub-trees\n ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n\n # this object needs to have read and write rights on\n # the realm container, principal container and realm sub-trees\n ldap_service_password_file = /etc/krb5kdc/service.keyfile\n ldap_servers = ldaps://ldap01.example.com ldaps://ldap02.example.com\n ldap_conns_per_server = 5\n }\n"
8901
msgstr ""
8902
8903
#: serverguide/C/network-auth.xml:2660(para)
8904
msgid "Change <emphasis>example.com</emphasis>, <emphasis>dc=example,dc=com</emphasis>, <emphasis>cn=admin,dc=example,dc=com</emphasis>, and <emphasis>ldap01.example.com</emphasis> to the appropriate domain, LDAP object, and LDAP server for your network."
8905
msgstr ""
8906
8907
#: serverguide/C/network-auth.xml:2669(para)
8908
msgid "Next, use the <application>kdb5_ldap_util</application> utility to create the realm:"
8909
msgstr ""
8910
8911
#: serverguide/C/network-auth.xml:2674(command)
8912
msgid "sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com create -subtrees dc=example,dc=com -r EXAMPLE.COM -s -H ldap://ldap01.example.com"
8913
msgstr ""
8914
8915
#: serverguide/C/network-auth.xml:2680(para)
8916
msgid "Create a stash of the password used to bind to the LDAP server. This password is used by the <emphasis>ldap_kdc_dn</emphasis> and <emphasis>ldap_kadmin_dn</emphasis> options in <filename>/etc/krb5.conf</filename>:"
8917
msgstr ""
8918
8919
#: serverguide/C/network-auth.xml:2686(command) serverguide/C/network-auth.xml:2824(command)
8920
msgid "sudo kdb5_ldap_util -D cn=admin,dc=example,dc=com stashsrvpw -f /etc/krb5kdc/service.keyfile cn=admin,dc=example,dc=com"
8921
msgstr ""
8922
8923
#: serverguide/C/network-auth.xml:2692(para)
14126
8924
msgid "Copy the CA certificate from the LDAP server:"
14127
8925
msgstr ""
14128
8926
14129
#: serverguide/C/network-auth.xml:2567(command)
8927
#: serverguide/C/network-auth.xml:2697(command)
14130
8928
msgid "scp ldap01:/etc/ssl/certs/cacert.pem ."
14131
8929
msgstr ""
14132
8930
14133
#: serverguide/C/network-auth.xml:2568(command)
8931
#: serverguide/C/network-auth.xml:2698(command)
14134
8932
msgid "sudo cp cacert.pem /etc/ssl/certs"
14135
8933
msgstr ""
14136
8934
14137
#: serverguide/C/network-auth.xml:2571(para)
14138
msgid ""
14139
"And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
8935
#: serverguide/C/network-auth.xml:2701(para)
8936
msgid "And edit <filename>/etc/ldap/ldap.conf</filename> to use the certificate:"
14140
8937
msgstr ""
14141
8938
14142
#: serverguide/C/network-auth.xml:2575(programlisting)
8939
#: serverguide/C/network-auth.xml:2705(programlisting)
14143
8940
#, no-wrap
14144
msgid ""
14145
"\n"
14146
"TLS_CACERT /etc/ssl/certs/cacert.pem\n"
14147
msgstr ""
14148
14149
#: serverguide/C/network-auth.xml:2580(para)
14150
msgid ""
14151
"The certificate will also need to be copied to the Secondary KDC, to allow "
14152
"the connection to the LDAP servers using LDAPS."
14153
msgstr ""
14154
14155
#: serverguide/C/network-auth.xml:2589(para)
14156
msgid ""
14157
"You can now add Kerberos principals to the LDAP database, and they will be "
14158
"copied to any other LDAP servers configured for replication. To add a "
14159
"principal using the <application>kadmin.local</application> utility enter:"
14160
msgstr ""
14161
14162
#: serverguide/C/network-auth.xml:2597(userinput)
8941
msgid "\nTLS_CACERT /etc/ssl/certs/cacert.pem\n"
8942
msgstr ""
8943
8944
#: serverguide/C/network-auth.xml:2710(para)
8945
msgid "The certificate will also need to be copied to the Secondary KDC, to allow the connection to the LDAP servers using LDAPS."
8946
msgstr ""
8947
8948
#: serverguide/C/network-auth.xml:2719(para)
8949
msgid "You can now add Kerberos principals to the LDAP database, and they will be copied to any other LDAP servers configured for replication. To add a principal using the <application>kadmin.local</application> utility enter:"
8950
msgstr ""
8951
8952
#: serverguide/C/network-auth.xml:2727(userinput)
14163
8953
#, no-wrap
14164
8954
msgid "addprinc -x dn=\"uid=steve,ou=people,dc=example,dc=com\" steve"
14165
8955
msgstr ""
14166
8956
14167
#: serverguide/C/network-auth.xml:2596(computeroutput)
8957
#: serverguide/C/network-auth.xml:2726(computeroutput)
14168
8958
#, no-wrap
14169
msgid ""
14170
"Authenticating as principal root/admin@EXAMPLE.COM with password.\n"
14171
"kadmin.local: <placeholder-1/>\n"
14172
"WARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\n"
14173
"Enter password for principal \"steve@EXAMPLE.COM\": \n"
14174
"Re-enter password for principal \"steve@EXAMPLE.COM\": \n"
14175
"Principal \"steve@EXAMPLE.COM\" created."
14176
msgstr ""
14177
14178
#: serverguide/C/network-auth.xml:2604(para)
14179
msgid ""
14180
"There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and "
14181
"krbExtraData attributes added to the "
14182
"<emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use "
14183
"the <application>kinit</application> and <application>klist</application> "
14184
"utilities to test that the user is indeed issued a ticket."
14185
msgstr ""
14186
14187
#: serverguide/C/network-auth.xml:2611(para)
14188
msgid ""
14189
"If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> "
14190
"option is needed to add the Kerberos attributes. Otherwise a new "
14191
"<emphasis>principal</emphasis> object will be created in the realm subtree."
14192
msgstr ""
14193
14194
#: serverguide/C/network-auth.xml:2619(title)
8959
msgid "Authenticating as principal root/admin@EXAMPLE.COM with password.\nkadmin.local: <placeholder-1/>\nWARNING: no policy specified for steve@EXAMPLE.COM; defaulting to no policy\nEnter password for principal \"steve@EXAMPLE.COM\": \nRe-enter password for principal \"steve@EXAMPLE.COM\": \nPrincipal \"steve@EXAMPLE.COM\" created."
8960
msgstr ""
8961
8962
#: serverguide/C/network-auth.xml:2734(para)
8963
msgid "There should now be krbPrincipalName, krbPrincipalKey, krbLastPwdChange, and krbExtraData attributes added to the <emphasis>uid=steve,ou=people,dc=example,dc=com</emphasis> user object. Use the <application>kinit</application> and <application>klist</application> utilities to test that the user is indeed issued a ticket."
8964
msgstr ""
8965
8966
#: serverguide/C/network-auth.xml:2741(para)
8967
msgid "If the user object is already created the <emphasis>-x dn=\"...\"</emphasis> option is needed to add the Kerberos attributes. Otherwise a new <emphasis>principal</emphasis> object will be created in the realm subtree."
8968
msgstr ""
8969
8970
#: serverguide/C/network-auth.xml:2749(title)
14195
8971
msgid "Secondary KDC Configuration"
14196
8972
msgstr ""
14197
8973
14198
#: serverguide/C/network-auth.xml:2621(para)
14199
msgid ""
14200
"Configuring a Secondary KDC using the LDAP backend is similar to configuring "
14201
"one using the normal Kerberos database."
8974
#: serverguide/C/network-auth.xml:2751(para)
8975
msgid "Configuring a Secondary KDC using the LDAP backend is similar to configuring one using the normal Kerberos database."
14202
8976
msgstr ""
14203
8977
14204
#: serverguide/C/network-auth.xml:2627(para)
8978
#: serverguide/C/network-auth.xml:2757(para)
14205
8979
msgid "First, install the necessary packages. In a terminal enter:"
14206
8980
msgstr ""
14207
8981
14208
#: serverguide/C/network-auth.xml:2638(para)
14209
msgid ""
14210
"Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
8982
#: serverguide/C/network-auth.xml:2768(para)
8983
msgid "Next, edit <filename>/etc/krb5.conf</filename> to use the LDAP backend:"
14211
8984
msgstr ""
14212
8985
14213
#: serverguide/C/network-auth.xml:2642(programlisting)
8986
#: serverguide/C/network-auth.xml:2772(programlisting)
14214
8987
#, no-wrap
14215
msgid ""
14216
"\n"
14217
"[libdefaults]\n"
14218
" default_realm = EXAMPLE.COM\n"
14219
"\n"
14220
"...\n"
14221
"\n"
14222
"[realms]\n"
14223
" EXAMPLE.COM = {\n"
14224
" kdc = kdc01.example.com\n"
14225
" kdc = kdc02.example.com\n"
14226
" admin_server = kdc01.example.com\n"
14227
" admin_server = kdc02.example.com\n"
14228
" default_domain = example.com\n"
14229
" database_module = openldap_ldapconf\n"
14230
" }\n"
14231
"\n"
14232
"...\n"
14233
"\n"
14234
"[domain_realm]\n"
14235
" .example.com = EXAMPLE.COM\n"
14236
"\n"
14237
"...\n"
14238
"\n"
14239
"[dbdefaults]\n"
14240
" ldap_kerberos_container_dn = dc=example,dc=com\n"
14241
"\n"
14242
"[dbmodules]\n"
14243
" openldap_ldapconf = {\n"
14244
" db_library = kldap\n"
14245
" ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n"
14246
"\n"
14247
" # this object needs to have read rights on\n"
14248
" # the realm container, principal container and realm sub-"
14249
"trees\n"
14250
" ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n"
14251
"\n"
14252
" # this object needs to have read and write rights on\n"
14253
" # the realm container, principal container and realm sub-"
14254
"trees\n"
14255
" ldap_service_password_file = /etc/krb5kdc/service.keyfile\n"
14256
" ldap_servers = ldaps://ldap01.example.com "
14257
"ldaps://ldap02.example.com\n"
14258
" ldap_conns_per_server = 5\n"
14259
" }\n"
8988
msgid "\n[libdefaults]\n default_realm = EXAMPLE.COM\n\n...\n\n[realms]\n EXAMPLE.COM = {\n kdc = kdc01.example.com\n kdc = kdc02.example.com\n admin_server = kdc01.example.com\n admin_server = kdc02.example.com\n default_domain = example.com\n database_module = openldap_ldapconf\n }\n\n...\n\n[domain_realm]\n .example.com = EXAMPLE.COM\n\n...\n\n[dbdefaults]\n ldap_kerberos_container_dn = dc=example,dc=com\n\n[dbmodules]\n openldap_ldapconf = {\n db_library = kldap\n ldap_kdc_dn = \"cn=admin,dc=example,dc=com\"\n\n # this object needs to have read rights on\n # the realm container, principal container and realm sub-trees\n ldap_kadmind_dn = \"cn=admin,dc=example,dc=com\"\n\n # this object needs to have read and write rights on\n # the realm container, principal container and realm sub-trees\n ldap_service_password_file = /etc/krb5kdc/service.keyfile\n ldap_servers = ldaps://ldap01.example.com ldaps://ldap02.example.com\n ldap_conns_per_server = 5\n }\n"
14260
8989
msgstr ""
14261
8990
14262
#: serverguide/C/network-auth.xml:2689(para)
8991
#: serverguide/C/network-auth.xml:2819(para)
14263
8992
msgid "Create the stash for the LDAP bind password:"
14264
8993
msgstr ""
14265
8994
14266
#: serverguide/C/network-auth.xml:2700(para)
14267
msgid ""
14268
"Now, on the <emphasis>Primary KDC</emphasis> copy the "
14269
"<filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master "
14270
"Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an "
14271
"encrypted connection such as <application>scp</application>, or on physical "
14272
"media."
8995
#: serverguide/C/network-auth.xml:2830(para)
8996
msgid "Now, on the <emphasis>Primary KDC</emphasis> copy the <filename>/etc/krb5kdc/.k5.EXAMPLE.COM</filename><emphasis>Master Key</emphasis> stash to the Secondary KDC. Be sure to copy the file over an encrypted connection such as <application>scp</application>, or on physical media."
14273
8997
msgstr ""
14274
8998
14275
#: serverguide/C/network-auth.xml:2707(command)
8999
#: serverguide/C/network-auth.xml:2837(command)
14276
9000
msgid "sudo scp /etc/krb5kdc/.k5.EXAMPLE.COM steve@kdc02.example.com:~"
14277
9001
msgstr ""
14278
9002
14279
#: serverguide/C/network-auth.xml:2708(command)
9003
#: serverguide/C/network-auth.xml:2838(command)
14280
9004
msgid "sudo mv .k5.EXAMPLE.COM /etc/krb5kdc/"
14281
9005
msgstr ""
14282
9006
14283
#: serverguide/C/network-auth.xml:2712(para)
14284
msgid ""
14285
"Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
9007
#: serverguide/C/network-auth.xml:2842(para)
9008
msgid "Again, replace <emphasis>EXAMPLE.COM</emphasis> with your actual realm."
14286
9009
msgstr ""
14287
9010
14288
#: serverguide/C/network-auth.xml:2720(para)
9011
#: serverguide/C/network-auth.xml:2850(para)
14289
9012
msgid "Finally, start the <application>krb5-kdc</application> daemon:"
14290
9013
msgstr ""
14291
9014
14292
#: serverguide/C/network-auth.xml:2731(para)
14293
msgid ""
14294
"You now have redundant KDCs on your network, and with redundant LDAP servers "
14295
"you should be able to continue to authenticate users if one LDAP server, one "
14296
"Kerberos server, or one LDAP and one Kerberos server become unavailable."
14297
msgstr ""
14298
14299
#: serverguide/C/network-auth.xml:2743(para)
14300
msgid ""
14301
"The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
14302
"admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin "
14303
"Guide</ulink> has some additional details."
14304
msgstr ""
14305
14306
#: serverguide/C/network-auth.xml:2749(para)
14307
msgid ""
14308
"For more information on <application>kdb5_ldap_util</application> see <ulink "
14309
"url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-"
14310
"admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section "
14311
"5.6</ulink> and the <ulink "
14312
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/kdb5_ldap_util.8.htm"
14313
"l\">kdb5_ldap_util man page</ulink>."
14314
msgstr ""
14315
14316
#: serverguide/C/network-auth.xml:2757(para)
14317
msgid ""
14318
"Another useful link is the <ulink "
14319
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/krb5.conf.5.html\">k"
14320
"rb5.conf man page</ulink>."
9015
#: serverguide/C/network-auth.xml:2861(para)
9016
msgid "You now have redundant KDCs on your network, and with redundant LDAP servers you should be able to continue to authenticate users if one LDAP server, one Kerberos server, or one LDAP and one Kerberos server become unavailable."
9017
msgstr ""
9018
9019
#: serverguide/C/network-auth.xml:2873(para)
9020
msgid "The <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-admin.html#Configuring-Kerberos-with-OpenLDAP-back_002dend\"> Kerberos Admin Guide</ulink> has some additional details."
9021
msgstr ""
9022
9023
#: serverguide/C/network-auth.xml:2879(para)
9024
msgid "For more information on <application>kdb5_ldap_util</application> see <ulink url=\"http://web.mit.edu/Kerberos/krb5-1.6/krb5-1.6.3/doc/krb5-admin.html#Global-Operations-on-the-Kerberos-LDAP-Database\"> Section 5.6</ulink> and the <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/kdb5_ldap_util.8.html\">kdb5_ldap_util man page</ulink>."
9025
msgstr ""
9026
9027
#: serverguide/C/network-auth.xml:2887(para)
9028
msgid "Another useful link is the <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/krb5.conf.5.html\">krb5.conf man page</ulink>."
14321
9029
msgstr ""
14322
9030
14323
9031
#: serverguide/C/monitoring.xml:13(title)
14325
9033
msgstr ""
14326
9034
14327
9035
#: serverguide/C/monitoring.xml:17(para)
14328
msgid ""
14329
"The monitoring of essential servers and services is an important part of "
14330
"system administration. Most network services are monitored for performance, "
14331
"availability, or both. This section will cover installation and "
14332
"configuration of <application>Nagios</application> for availability "
14333
"monitoring, and <application>Munin</application> for performance monitoring."
9036
msgid "The monitoring of essential servers and services is an important part of system administration. Most network services are monitored for performance, availability, or both. This section will cover installation and configuration of <application>Nagios</application> for availability monitoring, and <application>Munin</application> for performance monitoring."
14334
9037
msgstr ""
14335
9038
14336
9039
#: serverguide/C/monitoring.xml:24(para)
14337
msgid ""
14338
"The examples in this section will use two servers with hostnames "
14339
"<emphasis>server01</emphasis> and <emphasis>server02</emphasis>. "
14340
"<emphasis>Server01</emphasis> will be configured with "
14341
"<application>Nagios</application> to monitor services on itself and "
14342
"<emphasis>server02</emphasis>. Server01 will also be setup with the "
14343
"<application>munin</application> package to gather information from the "
14344
"network. Using the <application>munin-node</application> package, "
14345
"<emphasis>server02</emphasis> will be configured to send information to "
14346
"<emphasis>server01</emphasis>."
9040
msgid "The examples in this section will use two servers with hostnames <emphasis>server01</emphasis> and <emphasis>server02</emphasis>. <emphasis>Server01</emphasis> will be configured with <application>Nagios</application> to monitor services on itself and <emphasis>server02</emphasis>. Server01 will also be setup with the <application>munin</application> package to gather information from the network. Using the <application>munin-node</application> package, <emphasis>server02</emphasis> will be configured to send information to <emphasis>server01</emphasis>."
14347
9041
msgstr ""
14348
9042
14349
9043
#: serverguide/C/monitoring.xml:33(para)
14350
msgid ""
14351
"Hopefully these simple examples will allow you to monitor additional servers "
14352
"and services on your network."
9044
msgid "Hopefully these simple examples will allow you to monitor additional servers and services on your network."
14353
9045
msgstr ""
14354
9046
14355
9047
#: serverguide/C/monitoring.xml:39(title)
14357
9049
msgstr ""
14358
9050
14359
9051
#: serverguide/C/monitoring.xml:44(para)
14360
msgid ""
14361
"First, on <emphasis>server01</emphasis> install the "
14362
"<application>nagios</application> package. In a terminal enter:"
9052
msgid "First, on <emphasis>server01</emphasis> install the <application>nagios</application> package. In a terminal enter:"
14363
9053
msgstr ""
14364
9054
14365
9055
#: serverguide/C/monitoring.xml:50(command)
14367
9057
msgstr ""
14368
9058
14369
9059
#: serverguide/C/monitoring.xml:53(para)
14370
msgid ""
14371
"You will be asked to enter a password for the "
14372
"<emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in "
14373
"<filename>/etc/nagios3/htpasswd.users</filename>. To change the "
14374
"<emphasis>nagiosadmin</emphasis> password, or add additional users to the "
14375
"Nagios CGI scripts, use the <application>htpasswd</application> that is part "
14376
"of the <application>apache2-utils</application> package."
9060
msgid "You will be asked to enter a password for the <emphasis>nagiosadmin</emphasis> user. The user's credentials are stored in <filename>/etc/nagios3/htpasswd.users</filename>. To change the <emphasis>nagiosadmin</emphasis> password, or add additional users to the Nagios CGI scripts, use the <application>htpasswd</application> that is part of the <application>apache2-utils</application> package."
14377
9061
msgstr ""
14378
9062
14379
9063
#: serverguide/C/monitoring.xml:60(para)
14380
msgid ""
14381
"For example, to change the password for the <emphasis>nagiosadmin</emphasis> "
14382
"user enter:"
9064
msgid "For example, to change the password for the <emphasis>nagiosadmin</emphasis> user enter:"
14383
9065
msgstr ""
14384
9066
14385
9067
#: serverguide/C/monitoring.xml:65(command)
14395
9077
msgstr ""
14396
9078
14397
9079
#: serverguide/C/monitoring.xml:76(para)
14398
msgid ""
14399
"Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-"
14400
"server</application> package. From a terminal on server02 enter:"
9080
msgid "Next, on <emphasis>server02</emphasis> install the <application>nagios-nrpe-server</application> package. From a terminal on server02 enter:"
14401
9081
msgstr ""
14402
9082
14403
9083
#: serverguide/C/monitoring.xml:82(command)
14405
9085
msgstr ""
14406
9086
14407
9087
#: serverguide/C/monitoring.xml:86(para)
14408
msgid ""
14409
"<application>NRPE</application> allows you to execute local checks on remote "
14410
"hosts. There are other ways of accomplishing this through other Nagios "
14411
"plugins as well as other checks."
9088
msgid "<application>NRPE</application> allows you to execute local checks on remote hosts. There are other ways of accomplishing this through other Nagios plugins as well as other checks."
14412
9089
msgstr ""
14413
9090
14414
9091
#: serverguide/C/monitoring.xml:94(title)
14416
9093
msgstr ""
14417
9094
14418
9095
#: serverguide/C/monitoring.xml:96(para)
14419
msgid ""
14420
"There are a couple of directories containing "
14421
"<application>Nagios</application> configuration and check files."
9096
msgid "There are a couple of directories containing <application>Nagios</application> configuration and check files."
14422
9097
msgstr ""
14423
9098
14424
9099
#: serverguide/C/monitoring.xml:102(para)
14425
msgid ""
14426
"<filename>/etc/nagios3</filename>: contains configuration files for the "
14427
"operation of the <application>nagios</application> daemon, CGI files, hosts, "
14428
"etc."
9100
msgid "<filename>/etc/nagios3</filename>: contains configuration files for the operation of the <application>nagios</application> daemon, CGI files, hosts, etc."
14429
9101
msgstr ""
14430
9102
14431
9103
#: serverguide/C/monitoring.xml:108(para)
14432
msgid ""
14433
"<filename>/etc/nagios-plugins</filename>: houses configuration files for the "
14434
"service checks."
9104
msgid "<filename>/etc/nagios-plugins</filename>: houses configuration files for the service checks."
14435
9105
msgstr ""
14436
9106
14437
9107
#: serverguide/C/monitoring.xml:113(para)
14438
msgid ""
14439
"<filename>/etc/nagios</filename>: on the remote host contains the "
14440
"<application>nagios-nrpe-server</application> configuration files."
9108
msgid "<filename>/etc/nagios</filename>: on the remote host contains the <application>nagios-nrpe-server</application> configuration files."
14441
9109
msgstr ""
14442
9110
14443
9111
#: serverguide/C/monitoring.xml:118(para)
14444
msgid ""
14445
"<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are "
14446
"stored. To see the options of a check use the <emphasis>-h</emphasis> option."
9112
msgid "<filename>/usr/lib/nagios/plugins/</filename>: where the check binaries are stored. To see the options of a check use the <emphasis>-h</emphasis> option."
14447
9113
msgstr ""
14448
9114
14449
9115
#: serverguide/C/monitoring.xml:123(para)
14451
9117
msgstr ""
14452
9118
14453
9119
#: serverguide/C/monitoring.xml:129(para)
14454
msgid ""
14455
"There are a plethora of checks <application>Nagios</application> can be "
14456
"configured to execute for any given host. For this example Nagios will be "
14457
"configured to check disk space, DNS, and a MySQL hostgroup. The DNS check "
14458
"will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will "
14459
"include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
9120
msgid "There are a plethora of checks <application>Nagios</application> can be configured to execute for any given host. For this example Nagios will be configured to check disk space, DNS, and a MySQL hostgroup. The DNS check will be on <emphasis>server02</emphasis>, and the MySQL hostgroup will include both <emphasis>server01</emphasis> and <emphasis>server02</emphasis>."
14460
9121
msgstr ""
14461
9122
14462
9123
#: serverguide/C/monitoring.xml:136(para)
14463
msgid ""
14464
"See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref "
14465
"linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
9124
msgid "See <xref linkend=\"httpd\"/> for details on setting up Apache, <xref linkend=\"dns\"/> for DNS, and <xref linkend=\"mysql\"/> for MySQL."
14466
9125
msgstr ""
14467
9126
14468
9127
#: serverguide/C/monitoring.xml:141(para)
14469
msgid ""
14470
"Additionally, there are some terms that once explained will hopefully make "
14471
"understanding Nagios configuration easier:"
9128
msgid "Additionally, there are some terms that once explained will hopefully make understanding Nagios configuration easier:"
14472
9129
msgstr ""
14473
9130
14474
9131
#: serverguide/C/monitoring.xml:147(para)
14475
msgid ""
14476
"<emphasis>Host</emphasis>: a server, workstation, network device, etc that "
14477
"is being monitored."
9132
msgid "<emphasis>Host</emphasis>: a server, workstation, network device, etc that is being monitored."
14478
9133
msgstr ""
14479
9134
14480
9135
#: serverguide/C/monitoring.xml:152(para)
14481
msgid ""
14482
"<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you "
14483
"could group all web servers, file server, etc."
9136
msgid "<emphasis>Host Group</emphasis>: a group of similar hosts. For example, you could group all web servers, file server, etc."
14484
9137
msgstr ""
14485
9138
14486
9139
#: serverguide/C/monitoring.xml:157(para)
14487
msgid ""
14488
"<emphasis>Service</emphasis>: the service being monitored on the host. Such "
14489
"as HTTP, DNS, NFS, etc."
9140
msgid "<emphasis>Service</emphasis>: the service being monitored on the host. Such as HTTP, DNS, NFS, etc."
14490
9141
msgstr ""
14491
9142
14492
9143
#: serverguide/C/monitoring.xml:162(para)
14493
msgid ""
14494
"<emphasis>Service Group</emphasis>: allows you to group multiple services "
14495
"together. This is useful for grouping multiple HTTP for example."
9144
msgid "<emphasis>Service Group</emphasis>: allows you to group multiple services together. This is useful for grouping multiple HTTP for example."
14496
9145
msgstr ""
14497
9146
14498
9147
#: serverguide/C/monitoring.xml:168(para)
14499
msgid ""
14500
"<emphasis>Contact</emphasis>: person to be notified when an event takes "
14501
"place. Nagios can be configured to send emails, SMS messages, etc."
9148
msgid "<emphasis>Contact</emphasis>: person to be notified when an event takes place. Nagios can be configured to send emails, SMS messages, etc."
14502
9149
msgstr ""
14503
9150
14504
9151
#: serverguide/C/monitoring.xml:174(para)
14505
msgid ""
14506
"By default Nagios is configured to check HTTP, disk space, SSH, current "
14507
"users, processes, and load on the <emphasis>localhost</emphasis>. Nagios "
14508
"will also <application>ping</application> check the "
14509
"<emphasis>gateway</emphasis>."
9152
msgid "By default Nagios is configured to check HTTP, disk space, SSH, current users, processes, and load on the <emphasis>localhost</emphasis>. Nagios will also <application>ping</application> check the <emphasis>gateway</emphasis>."
14510
9153
msgstr ""
14511
9154
14512
9155
#: serverguide/C/monitoring.xml:179(para)
14513
msgid ""
14514
"Large Nagios installations can be quite complex to configure. It is usually "
14515
"best to start small, one or two hosts, get things configured the way you "
14516
"like then expand."
9156
msgid "Large Nagios installations can be quite complex to configure. It is usually best to start small, one or two hosts, get things configured the way you like then expand."
14517
9157
msgstr ""
14518
9158
14519
9159
#: serverguide/C/monitoring.xml:194(para)
14520
msgid ""
14521
"First, create a <emphasis>host</emphasis> configuration file for "
14522
"<emphasis>server02</emphasis>. In a terminal enter:"
9160
msgid "First, create a <emphasis>host</emphasis> configuration file for <emphasis>server02</emphasis>. In a terminal enter:"
14523
9161
msgstr ""
14524
9162
14525
9163
#: serverguide/C/monitoring.xml:199(command)
14526
msgid ""
14527
"sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg "
14528
"/etc/nagios3/conf.d/server02.cfg"
9164
msgid "sudo cp /etc/nagios3/conf.d/localhost_nagios2.cfg /etc/nagios3/conf.d/server02.cfg"
14529
9165
msgstr ""
14530
9166
14531
9167
#: serverguide/C/monitoring.xml:203(para)
14532
msgid ""
14533
"In the above and following command examples, replace "
14534
"<emphasis>\"server01\"</emphasis>, "
14535
"<emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and "
14536
"<emphasis>172.18.100.101</emphasis> with the host names and IP addresses of "
14537
"your servers."
9168
msgid "In the above and following command examples, replace <emphasis>\"server01\"</emphasis>, <emphasis>\"server02\"</emphasis><emphasis>172.18.100.100</emphasis>, and <emphasis>172.18.100.101</emphasis> with the host names and IP addresses of your servers."
14538
9169
msgstr ""
14539
9170
14540
9171
#: serverguide/C/monitoring.xml:212(para)
14543
9174
14544
9175
#: serverguide/C/monitoring.xml:216(programlisting)
14545
9176
#, no-wrap
14546
msgid ""
14547
"\n"
14548
"define host{\n"
14549
" use generic-host ; Name of host "
14550
"template to use\n"
14551
" host_name server02\n"
14552
" alias Server 02\n"
14553
" address 172.18.100.101\n"
14554
"}\n"
14555
"\n"
14556
"# check DNS service.\n"
14557
"define service {\n"
14558
" use generic-service\n"
14559
" host_name server02\n"
14560
" service_description DNS\n"
14561
" check_command check_dns!172.18.100.101\n"
14562
"}\n"
9177
msgid "\ndefine host{\n use generic-host ; Name of host template to use\n host_name server02\n alias Server 02\n address 172.18.100.101\n}\n\n# check DNS service.\ndefine service {\n use generic-service\n host_name server02\n service_description DNS\n check_command check_dns!172.18.100.101\n}\n"
14563
9178
msgstr ""
14564
9179
14565
9180
#: serverguide/C/monitoring.xml:236(para)
14566
msgid ""
14567
"Restart the <application>nagios</application> daemon to enable the new "
14568
"configuration:"
9181
msgid "Restart the <application>nagios</application> daemon to enable the new configuration:"
14569
9182
msgstr ""
14570
9183
14571
9184
#: serverguide/C/monitoring.xml:241(command) serverguide/C/monitoring.xml:308(command) serverguide/C/monitoring.xml:375(command)
14573
9186
msgstr ""
14574
9187
14575
9188
#: serverguide/C/monitoring.xml:251(para)
14576
msgid ""
14577
"Now add a service definition for the MySQL check by adding the following to "
14578
"<filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
9189
msgid "Now add a service definition for the MySQL check by adding the following to <filename>/etc/nagios3/conf.d/services_nagios2.cfg</filename>:"
14579
9190
msgstr ""
14580
9191
14581
9192
#: serverguide/C/monitoring.xml:255(programlisting)
14582
9193
#, no-wrap
14583
msgid ""
14584
"\n"
14585
"# check MySQL servers.\n"
14586
"define service {\n"
14587
" hostgroup_name mysql-servers\n"
14588
" service_description MySQL\n"
14589
" check_command "
14590
"check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n"
14591
" use generic-service\n"
14592
" notification_interval 0 ; set > 0 if you want to be "
14593
"renotified\n"
14594
"}\n"
9194
msgid "\n# check MySQL servers.\ndefine service {\n hostgroup_name mysql-servers\n service_description MySQL\n check_command check_mysql_cmdlinecred!nagios!secret!$HOSTADDRESS\n use generic-service\n notification_interval 0 ; set > 0 if you want to be renotified\n}\n"
14595
9195
msgstr ""
14596
9196
14597
9197
#: serverguide/C/monitoring.xml:269(para)
14598
msgid ""
14599
"A <emphasis>mysqsl-servers</emphasis> hostgroup now needs to be defined. "
14600
"Edit <filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
9198
msgid "A <emphasis>mysqsl-servers</emphasis> hostgroup now needs to be defined. Edit <filename>/etc/nagios3/conf.d/hostgroups_nagios2.cfg</filename> adding:"
14601
9199
msgstr ""
14602
9200
14603
9201
#: serverguide/C/monitoring.xml:274(programlisting)
14604
9202
#, no-wrap
14605
msgid ""
14606
"\n"
14607
"# MySQL hostgroup.\n"
14608
"define hostgroup {\n"
14609
" hostgroup_name mysql-servers\n"
14610
" alias MySQL servers\n"
14611
" members localhost, server02\n"
14612
" }\n"
9203
msgid "\n# MySQL hostgroup.\ndefine hostgroup {\n hostgroup_name mysql-servers\n alias MySQL servers\n members localhost, server02\n }\n"
14613
9204
msgstr ""
14614
9205
14615
9206
#: serverguide/C/monitoring.xml:286(para)
14616
msgid ""
14617
"The Nagios check needs to authenticate to MySQL. To add a "
14618
"<emphasis>nagios</emphasis> user to MySQL enter:"
9207
msgid "The Nagios check needs to authenticate to MySQL. To add a <emphasis>nagios</emphasis> user to MySQL enter:"
14619
9208
msgstr ""
14620
9209
14621
9210
#: serverguide/C/monitoring.xml:291(command)
14623
9212
msgstr ""
14624
9213
14625
9214
#: serverguide/C/monitoring.xml:295(para)
14626
msgid ""
14627
"The <emphasis>nagios</emphasis> user will need to be added all hosts in the "
14628
"<emphasis>mysql-servers</emphasis> hostgroup."
9215
msgid "The <emphasis>nagios</emphasis> user will need to be added all hosts in the <emphasis>mysql-servers</emphasis> hostgroup."
14629
9216
msgstr ""
14630
9217
14631
9218
#: serverguide/C/monitoring.xml:303(para)
14632
msgid ""
14633
"Restart <application>nagios</application> to start checking the MySQL "
14634
"servers."
9219
msgid "Restart <application>nagios</application> to start checking the MySQL servers."
14635
9220
msgstr ""
14636
9221
14637
9222
#: serverguide/C/monitoring.xml:318(para)
14638
msgid ""
14639
"Lastly configure NRPE to check the disk space on "
14640
"<emphasis>server02</emphasis>."
9223
msgid "Lastly configure NRPE to check the disk space on <emphasis>server02</emphasis>."
14641
9224
msgstr ""
14642
9225
14643
9226
#: serverguide/C/monitoring.xml:322(para)
14644
msgid ""
14645
"On <emphasis>server01</emphasis> add the service check to "
14646
"<filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
9227
msgid "On <emphasis>server01</emphasis> add the service check to <filename>/etc/nagios3/conf.d/server02.cfg</filename>:"
14647
9228
msgstr ""
14648
9229
14649
9230
#: serverguide/C/monitoring.xml:327(programlisting)
14650
9231
#, no-wrap
14651
msgid ""
14652
"\n"
14653
"# NRPE disk check.\n"
14654
"define service {\n"
14655
" use generic-service\n"
14656
" host_name server02\n"
14657
" service_description nrpe-disk\n"
14658
" check_command "
14659
"check_nrpe_1arg!check_all_disks!172.18.100.101\n"
14660
"}\n"
9232
msgid "\n# NRPE disk check.\ndefine service {\n use generic-service\n host_name server02\n service_description nrpe-disk\n check_command check_nrpe_1arg!check_all_disks!172.18.100.101\n}\n"
14661
9233
msgstr ""
14662
9234
14663
9235
#: serverguide/C/monitoring.xml:340(para)
14664
msgid ""
14665
"Now on <emphasis>server02</emphasis> edit "
14666
"<filename>/etc/nagios/nrpe.cfg</filename> changing:"
9236
msgid "Now on <emphasis>server02</emphasis> edit <filename>/etc/nagios/nrpe.cfg</filename> changing:"
14667
9237
msgstr ""
14668
9238
14669
9239
#: serverguide/C/monitoring.xml:344(programlisting)
14670
9240
#, no-wrap
14671
msgid ""
14672
"\n"
14673
"allowed_hosts=172.18.100.100\n"
9241
msgid "\nallowed_hosts=172.18.100.100\n"
14674
9242
msgstr ""
14675
9243
14676
9244
#: serverguide/C/monitoring.xml:348(para)
14679
9247
14680
9248
#: serverguide/C/monitoring.xml:352(programlisting)
14681
9249
#, no-wrap
14682
msgid ""
14683
"\n"
14684
"command[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -"
14685
"e\n"
9250
msgid "\ncommand[check_all_disks]=/usr/lib/nagios/plugins/check_disk -w 20% -c 10% -e\n"
14686
9251
msgstr ""
14687
9252
14688
9253
#: serverguide/C/monitoring.xml:359(para)
14694
9259
msgstr ""
14695
9260
14696
9261
#: serverguide/C/monitoring.xml:370(para)
14697
msgid ""
14698
"Also, on <emphasis>server01</emphasis> restart "
14699
"<application>nagios</application>:"
9262
msgid "Also, on <emphasis>server01</emphasis> restart <application>nagios</application>:"
14700
9263
msgstr ""
14701
9264
14702
9265
#: serverguide/C/monitoring.xml:383(para)
14703
msgid ""
14704
"You should now be able to see the host and service checks in the Nagios CGI "
14705
"files. To access them point a browser to http://server01/nagios3. You will "
14706
"then be prompted for the <emphasis>nagiosadmin</emphasis> username and "
14707
"password."
9266
msgid "You should now be able to see the host and service checks in the Nagios CGI files. To access them point a browser to http://server01/nagios3. You will then be prompted for the <emphasis>nagiosadmin</emphasis> username and password."
14708
9267
msgstr ""
14709
9268
14710
9269
#: serverguide/C/monitoring.xml:393(para)
14711
msgid ""
14712
"This section has just scratched the surface of Nagios' features. The "
14713
"<application>nagios-plugins-extra</application> and <application>nagios-snmp-"
14714
"plugins</application> contain many more service checks."
9270
msgid "This section has just scratched the surface of Nagios' features. The <application>nagios-plugins-extra</application> and <application>nagios-snmp-plugins</application> contain many more service checks."
14715
9271
msgstr ""
14716
9272
14717
9273
#: serverguide/C/monitoring.xml:400(para)
14718
msgid ""
14719
"For more information see <ulink "
14720
"url=\"http://www.nagios.org/\">Nagios</ulink> website."
9274
msgid "For more information see <ulink url=\"http://www.nagios.org/\">Nagios</ulink> website."
14721
9275
msgstr ""
14722
9276
14723
9277
#: serverguide/C/monitoring.xml:405(para)
14724
msgid ""
14725
"Specifically the <ulink "
14726
"url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> "
14727
"site."
9278
msgid "Specifically the <ulink url=\"http://nagios.sourceforge.net/docs/3_0/\">Online Documentation</ulink> site."
14728
9279
msgstr ""
14729
9280
14730
9281
#: serverguide/C/monitoring.xml:410(para)
14731
msgid ""
14732
"There is also a list of <ulink "
14733
"url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to "
14734
"Nagios and network monitoring:"
9282
msgid "There is also a list of <ulink url=\"http://www.nagios.org/propaganda/books/\">books</ulink> related to Nagios and network monitoring:"
14735
9283
msgstr ""
14736
9284
14737
9285
#: serverguide/C/monitoring.xml:420(title)
14739
9287
msgstr ""
14740
9288
14741
9289
#: serverguide/C/monitoring.xml:425(para)
14742
msgid ""
14743
"Before installing <application>Munin</application> on "
14744
"<emphasis>server01</emphasis><application>apache2</application> will need to "
14745
"be installed. The default configuration is fine for running a "
14746
"<application>munin</application> server. For more information see <xref "
14747
"linkend=\"httpd\"/>."
9290
msgid "Before installing <application>Munin</application> on <emphasis>server01</emphasis><application>apache2</application> will need to be installed. The default configuration is fine for running a <application>munin</application> server. For more information see <xref linkend=\"httpd\"/>."
14748
9291
msgstr ""
14749
9292
14750
9293
#: serverguide/C/monitoring.xml:431(para)
14751
msgid ""
14752
"First, on <emphasis>server01</emphasis> install "
14753
"<application>munin</application>. In a terminal enter:"
9294
msgid "First, on <emphasis>server01</emphasis> install <application>munin</application>. In a terminal enter:"
14754
9295
msgstr ""
14755
9296
14756
9297
#: serverguide/C/monitoring.xml:436(command)
14758
9299
msgstr ""
14759
9300
14760
9301
#: serverguide/C/monitoring.xml:439(para)
14761
msgid ""
14762
"Now on <emphasis>server02</emphasis> install the <application>munin-"
14763
"node</application> package:"
9302
msgid "Now on <emphasis>server02</emphasis> install the <application>munin-node</application> package:"
14764
9303
msgstr ""
14765
9304
14766
9305
#: serverguide/C/monitoring.xml:444(command)
14768
9307
msgstr ""
14769
9308
14770
9309
#: serverguide/C/monitoring.xml:451(para)
14771
msgid ""
14772
"On <emphasis>server01</emphasis> edit the "
14773
"<filename>/etc/munin/munin.conf</filename> adding the IP address for "
14774
"<emphasis>server02</emphasis>:"
9310
msgid "On <emphasis>server01</emphasis> edit the <filename>/etc/munin/munin.conf</filename> adding the IP address for <emphasis>server02</emphasis>:"
14775
9311
msgstr ""
14776
9312
14777
9313
#: serverguide/C/monitoring.xml:456(programlisting)
14778
9314
#, no-wrap
14779
msgid ""
14780
"\n"
14781
"## First our \"normal\" host.\n"
14782
"[server02]\n"
14783
" address 172.18.100.101\n"
9315
msgid "\n## First our \"normal\" host.\n[server02]\n address 172.18.100.101\n"
14784
9316
msgstr ""
14785
9317
14786
9318
#: serverguide/C/monitoring.xml:463(para)
14787
msgid ""
14788
"Replace <emphasis>server02</emphasis> and "
14789
"<emphasis>172.18.100.101</emphasis> with the actual hostname and IP address "
14790
"for your server."
9319
msgid "Replace <emphasis>server02</emphasis> and <emphasis>172.18.100.101</emphasis> with the actual hostname and IP address for your server."
14791
9320
msgstr ""
14792
9321
14793
9322
#: serverguide/C/monitoring.xml:469(para)
14794
msgid ""
14795
"Next, configure <application>munin-node</application> on "
14796
"<emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-"
14797
"node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
9323
msgid "Next, configure <application>munin-node</application> on <emphasis>server02</emphasis>. Edit <filename>/etc/munin/munin-node.conf</filename> to allow access by <emphasis>server01</emphasis>:"
14798
9324
msgstr ""
14799
9325
14800
9326
#: serverguide/C/monitoring.xml:474(programlisting)
14801
9327
#, no-wrap
14802
msgid ""
14803
"\n"
14804
"allow ^172\\.18\\.100\\.100$\n"
9328
msgid "\nallow ^172\\.18\\.100\\.100$\n"
14805
9329
msgstr ""
14806
9330
14807
9331
#: serverguide/C/monitoring.xml:479(para)
14808
msgid ""
14809
"Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your "
14810
"<application>munin</application> server."
9332
msgid "Replace <emphasis>^172\\.18\\.100\\.100$</emphasis> with IP address for your <application>munin</application> server."
14811
9333
msgstr ""
14812
9334
14813
9335
#: serverguide/C/monitoring.xml:484(para)
14814
msgid ""
14815
"Now restart <application>munin-node</application> on "
14816
"<emphasis>server02</emphasis> for the changes to take effect:"
9336
msgid "Now restart <application>munin-node</application> on <emphasis>server02</emphasis> for the changes to take effect:"
14817
9337
msgstr ""
14818
9338
14819
9339
#: serverguide/C/monitoring.xml:489(command)
14821
9341
msgstr ""
14822
9342
14823
9343
#: serverguide/C/monitoring.xml:492(para)
14824
msgid ""
14825
"Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and "
14826
"you should see links to nice graphs displaying information from the standard "
14827
"<emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
9344
msgid "Finally, in a browser go to <emphasis>http://server01/munin</emphasis>, and you should see links to nice graphs displaying information from the standard <emphasis>munin-plugins</emphasis> for disk, network, processes, and system."
14828
9345
msgstr ""
14829
9346
14830
9347
#: serverguide/C/monitoring.xml:498(para)
14831
msgid ""
14832
"Since this is a new install it may take some time for the graphs to display "
14833
"anything useful."
9348
msgid "Since this is a new install it may take some time for the graphs to display anything useful."
14834
9349
msgstr ""
14835
9350
14836
9351
#: serverguide/C/monitoring.xml:505(title)
14838
9353
msgstr ""
14839
9354
14840
9355
#: serverguide/C/monitoring.xml:507(para)
14841
msgid ""
14842
"The <application>munin-plugins-extra</application> package contains "
14843
"performance checks additional services such as DNS, DHCP, Samba, etc. To "
14844
"install the package, from a terminal enter:"
9356
msgid "The <application>munin-plugins-extra</application> package contains performance checks additional services such as DNS, DHCP, Samba, etc. To install the package, from a terminal enter:"
14845
9357
msgstr ""
14846
9358
14847
9359
#: serverguide/C/monitoring.xml:513(command)
14853
9365
msgstr ""
14854
9366
14855
9367
#: serverguide/C/monitoring.xml:526(para)
14856
msgid ""
14857
"See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> "
14858
"website for more details."
9368
msgid "See the <ulink url=\"http://munin.projects.linpro.no/\">Munin</ulink> website for more details."
14859
9369
msgstr ""
14860
9370
14861
9371
#: serverguide/C/monitoring.xml:531(para)
14862
msgid ""
14863
"Specifically the <ulink "
14864
"url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin "
14865
"Documentation</ulink> page includes information on additional plugins, "
14866
"writing plugins, etc."
9372
msgid "Specifically the <ulink url=\"http://munin.projects.linpro.no/wiki/Documentation\">Munin Documentation</ulink> page includes information on additional plugins, writing plugins, etc."
14867
9373
msgstr ""
14868
9374
14869
9375
#: serverguide/C/monitoring.xml:537(para)
14870
msgid ""
14871
"Also, there is a book in German by Open Source Press: <ulink "
14872
"url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_prod"
14873
"ucts=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
9376
msgid "Also, there is a book in German by Open Source Press: <ulink url=\"https://www.opensourcepress.de/index.php?26&backPID=178&tt_products=152\">Munin Graphisches Netzwerk- und System-Monitoring</ulink>."
14874
9377
msgstr ""
14875
9378
14876
9379
#: serverguide/C/mail.xml:13(title)
14878
9381
msgstr ""
14879
9382
14880
9383
#: serverguide/C/mail.xml:14(para)
14881
msgid ""
14882
"The process of getting an email from one person to another over a network or "
14883
"the Internet involves many systems working together. Each of these systems "
14884
"must be correctly configured for the process to work. The sender uses a "
14885
"<emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the "
14886
"message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), "
14887
"the last of which will hand it off to a <emphasis>Mail Delivery "
14888
"Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which "
14889
"it will be retrieved by the recipient's email client, usually via a POP3 or "
14890
"IMAP server."
9384
msgid "The process of getting an email from one person to another over a network or the Internet involves many systems working together. Each of these systems must be correctly configured for the process to work. The sender uses a <emphasis>Mail User Agent</emphasis> (MUA), or email client, to send the message through one or more <emphasis>Mail Transfer Agents</emphasis> (MTA), the last of which will hand it off to a <emphasis>Mail Delivery Agent</emphasis> (MDA) for delivery to the recipient's mailbox, from which it will be retrieved by the recipient's email client, usually via a POP3 or IMAP server."
14891
9385
msgstr ""
14892
9386
14893
9387
#: serverguide/C/mail.xml:24(title) serverguide/C/mail.xml:804(application) serverguide/C/mail.xml:838(title) serverguide/C/mail.xml:916(title) serverguide/C/mail.xml:1475(title)
14895
9389
msgstr ""
14896
9390
14897
9391
#: serverguide/C/mail.xml:25(para)
14898
msgid ""
14899
"<application>Postfix</application> is the default Mail Transfer Agent (MTA) "
14900
"in Ubuntu. It attempts to be fast and easy to administer and secure. It is "
14901
"compatible with the MTA <application>sendmail</application>. This section "
14902
"explains how to install and configure <application>postfix</application>. It "
14903
"also explains how to set it up as an SMTP server using a secure connection "
14904
"(for sending emails securely)."
9392
msgid "<application>Postfix</application> is the default Mail Transfer Agent (MTA) in Ubuntu. It attempts to be fast and easy to administer and secure. It is compatible with the MTA <application>sendmail</application>. This section explains how to install and configure <application>postfix</application>. It also explains how to set it up as an SMTP server using a secure connection (for sending emails securely)."
14905
9393
msgstr ""
14906
9394
14907
9395
#: serverguide/C/mail.xml:34(para)
14908
msgid ""
14909
"This guide does not cover setting up Postfix <emphasis>Virtual "
14910
"Domains</emphasis>, for information on Virtual Domains and other advanced "
14911
"configurations see <xref linkend=\"postfix-references\"/>."
9396
msgid "This guide does not cover setting up Postfix <emphasis>Virtual Domains</emphasis>, for information on Virtual Domains and other advanced configurations see <xref linkend=\"postfix-references\"/>."
14912
9397
msgstr ""
14913
9398
14914
9399
#: serverguide/C/mail.xml:41(para)
14915
msgid ""
14916
"To install <application>postfix</application> run the following command:"
9400
msgid "To install <application>postfix</application> run the following command:"
14917
9401
msgstr ""
14918
9402
14919
9403
#: serverguide/C/mail.xml:47(para)
14920
msgid ""
14921
"Simply press return when the installation process asks questions, the "
14922
"configuration will be done in greater detail in the next stage."
9404
msgid "Simply press return when the installation process asks questions, the configuration will be done in greater detail in the next stage."
14923
9405
msgstr ""
14924
9406
14925
9407
#: serverguide/C/mail.xml:52(title)
14927
9409
msgstr ""
14928
9410
14929
9411
#: serverguide/C/mail.xml:53(para)
14930
msgid ""
14931
"To configure <application>postfix</application>, run the following command:"
9412
msgid "To configure <application>postfix</application>, run the following command:"
14932
9413
msgstr ""
14933
9414
14934
9415
#: serverguide/C/mail.xml:57(command)
14956
9437
msgstr ""
14957
9438
14958
9439
#: serverguide/C/mail.xml:68(para)
14959
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24"
9440
msgid "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24"
14960
9441
msgstr ""
14961
9442
14962
9443
#: serverguide/C/mail.xml:69(para)
14972
9453
msgstr ""
14973
9454
14974
9455
#: serverguide/C/mail.xml:59(para)
14975
msgid ""
14976
"The user interface will be displayed. On each screen, select the following "
14977
"values: <placeholder-1/>"
9456
msgid "The user interface will be displayed. On each screen, select the following values: <placeholder-1/>"
14978
9457
msgstr ""
14979
9458
14980
9459
#: serverguide/C/mail.xml:75(para)
14981
msgid ""
14982
"Replace mail.example.com with the domain for which you'll accept email, "
14983
"192.168.0/24 with the actual network and class range of your mail server, "
14984
"and steve with the appropriate username."
9460
msgid "Replace mail.example.com with the domain for which you'll accept email, 192.168.0.0/24 with the actual network and class range of your mail server, and steve with the appropriate username."
14985
9461
msgstr ""
14986
9462
14987
9463
#: serverguide/C/mail.xml:81(para)
14988
msgid ""
14989
"Now is a good time to decide which mailbox format you want to use. By "
14990
"default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the "
14991
"mailbox format. Rather than editing the configuration file directly, you can "
14992
"use the <command>postconf</command> command to configure all "
14993
"<application>postfix</application> parameters. The configuration parameters "
14994
"will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if "
14995
"you wish to re-configure a particular parameter, you can either run the "
14996
"command or change it manually in the file."
9464
msgid "Now is a good time to decide which mailbox format you want to use. By default Postfix will use <emphasis role=\"strong\">mbox</emphasis> for the mailbox format. Rather than editing the configuration file directly, you can use the <command>postconf</command> command to configure all <application>postfix</application> parameters. The configuration parameters will be stored in <filename>/etc/postfix/main.cf</filename> file. Later if you wish to re-configure a particular parameter, you can either run the command or change it manually in the file."
14997
9465
msgstr ""
14998
9466
14999
9467
#: serverguide/C/mail.xml:92(para)
15000
msgid ""
15001
"To configure the mailbox format for <emphasis "
15002
"role=\"strong\">Maildir:</emphasis>"
9468
msgid "To configure the mailbox format for <emphasis role=\"strong\">Maildir:</emphasis>"
15003
9469
msgstr ""
15004
9470
15005
9471
#: serverguide/C/mail.xml:97(command)
15007
9473
msgstr ""
15008
9474
15009
9475
#: serverguide/C/mail.xml:100(para)
15010
msgid ""
15011
"This will place new mail in /home/<emphasis "
15012
"role=\"italic\">username</emphasis>/Maildir so you will need to configure "
15013
"your Mail Delivery Agent (MDA) to use the same path."
9476
msgid "This will place new mail in /home/<emphasis role=\"italic\">username</emphasis>/Maildir so you will need to configure your Mail Delivery Agent (MDA) to use the same path."
15014
9477
msgstr ""
15015
9478
15016
9479
#: serverguide/C/mail.xml:108(title) serverguide/C/mail.xml:538(title)
15018
9481
msgstr ""
15019
9482
15020
9483
#: serverguide/C/mail.xml:110(para)
15021
msgid ""
15022
"SMTP-AUTH allows a client to identify itself through an authentication "
15023
"mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt "
15024
"the authentication process. Once authenticated the SMTP server will allow "
15025
"the client to relay mail."
9484
msgid "SMTP-AUTH allows a client to identify itself through an authentication mechanism (SASL). Transport Layer Security (TLS) should be used to encrypt the authentication process. Once authenticated the SMTP server will allow the client to relay mail."
15026
9485
msgstr ""
15027
9486
15028
9487
#: serverguide/C/mail.xml:117(para)
15031
9490
15032
9491
#: serverguide/C/mail.xml:120(screen)
15033
9492
#, no-wrap
15034
msgid ""
15035
"\n"
15036
"sudo postconf -e 'smtpd_sasl_type = dovecot'\n"
15037
"sudo postconf -e 'smtpd_sasl_path = private/auth-client'\n"
15038
"sudo postconf -e 'smtpd_sasl_local_domain ='\n"
15039
"sudo postconf -e 'smtpd_sasl_security_options = noanonymous'\n"
15040
"sudo postconf -e 'broken_sasl_auth_clients = yes'\n"
15041
"sudo postconf -e 'smtpd_sasl_auth_enable = yes'\n"
15042
"sudo postconf -e 'smtpd_recipient_restrictions = "
15043
"permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\n"
15044
"sudo postconf -e 'inet_interfaces = all'\n"
9493
msgid "\nsudo postconf -e 'smtpd_sasl_type = dovecot'\nsudo postconf -e 'smtpd_sasl_path = private/auth-client'\nsudo postconf -e 'smtpd_sasl_local_domain ='\nsudo postconf -e 'smtpd_sasl_security_options = noanonymous'\nsudo postconf -e 'broken_sasl_auth_clients = yes'\nsudo postconf -e 'smtpd_sasl_auth_enable = yes'\nsudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'\nsudo postconf -e 'inet_interfaces = all'\n"
15045
9494
msgstr ""
15046
9495
15047
9496
#: serverguide/C/mail.xml:131(para)
15048
msgid ""
15049
"The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to "
15050
"the Postfix queue directory."
9497
msgid "The <emphasis>smtpd_sasl_path</emphasis> configuration is a path relative to the Postfix queue directory."
15051
9498
msgstr ""
15052
9499
15053
9500
#: serverguide/C/mail.xml:137(para)
15054
msgid ""
15055
"Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-"
15056
"and-security\"/> for details. This example also uses a Certificate Authority "
15057
"(CA). For information on generating a CA certificate see <xref "
15058
"linkend=\"certificate-authority\"/>."
9501
msgid "Next, obtain a digital certificate for TLS. See <xref linkend=\"certificates-and-security\"/> for details. This example also uses a Certificate Authority (CA). For information on generating a CA certificate see <xref linkend=\"certificate-authority\"/>."
15059
9502
msgstr ""
15060
9503
15061
9504
#: serverguide/C/mail.xml:143(para)
15062
msgid ""
15063
"You can get the digital certificate from a certificate authority. But unlike "
15064
"web clients, SMTP clients rarely complain about \"self-signed "
15065
"certificates\", so alternatively, you can create the certificate yourself. "
15066
"Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more "
15067
"details."
9505
msgid "You can get the digital certificate from a certificate authority. But unlike web clients, SMTP clients rarely complain about \"self-signed certificates\", so alternatively, you can create the certificate yourself. Refer to <xref linkend=\"creating-a-self-signed-certificate\"/> for more details."
15068
9506
msgstr ""
15069
9507
15070
9508
#: serverguide/C/mail.xml:155(para)
15071
msgid ""
15072
"Once you have a certificate, configure Postfix to provide TLS encryption for "
15073
"both incoming and outgoing mail:"
9509
msgid "Once you have a certificate, configure Postfix to provide TLS encryption for both incoming and outgoing mail:"
15074
9510
msgstr ""
15075
9511
15076
9512
#: serverguide/C/mail.xml:158(screen)
15077
9513
#, no-wrap
15078
msgid ""
15079
"\n"
15080
"sudo postconf -e 'smtpd_tls_auth_only = no'\n"
15081
"sudo postconf -e 'smtp_use_tls = yes'\n"
15082
"sudo postconf -e 'smtpd_use_tls = yes'\n"
15083
"sudo postconf -e 'smtp_tls_note_starttls_offer = yes'\n"
15084
"sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\n"
15085
"sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\n"
15086
"sudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'\n"
15087
"sudo postconf -e 'smtpd_tls_loglevel = 1'\n"
15088
"sudo postconf -e 'smtpd_tls_received_header = yes'\n"
15089
"sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\n"
15090
"sudo postconf -e 'tls_random_source = dev:/dev/urandom'\n"
15091
"sudo postconf -e 'myhostname = mail.example.com'\n"
9514
msgid "\nsudo postconf -e 'smtpd_tls_auth_only = no'\nsudo postconf -e 'smtp_use_tls = yes'\nsudo postconf -e 'smtpd_use_tls = yes'\nsudo postconf -e 'smtp_tls_note_starttls_offer = yes'\nsudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'\nsudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'\nsudo postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'\nsudo postconf -e 'smtpd_tls_loglevel = 1'\nsudo postconf -e 'smtpd_tls_received_header = yes'\nsudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'\nsudo postconf -e 'tls_random_source = dev:/dev/urandom'\nsudo postconf -e 'myhostname = mail.example.com'\n"
15092
9515
msgstr ""
15093
9516
15094
9517
#: serverguide/C/mail.xml:175(para)
15095
msgid ""
15096
"After running all the commands, <application>Postfix</application> is "
15097
"configured for SMTP-AUTH and a self-signed certificate has been created for "
15098
"TLS encryption."
9518
msgid "After running all the commands, <application>Postfix</application> is configured for SMTP-AUTH and a self-signed certificate has been created for TLS encryption."
15099
9519
msgstr ""
15100
9520
15101
9521
#: serverguide/C/mail.xml:180(para)
15102
msgid ""
15103
"Now, the file <filename>/etc/postfix/main.cf</filename> should look like "
15104
"<ulink url=\"../sample/postfix_configuration\">this</ulink>."
9522
msgid "Now, the file <filename>/etc/postfix/main.cf</filename> should look like <ulink url=\"../sample/postfix_configuration\">this</ulink>."
15105
9523
msgstr ""
15106
9524
15107
9525
#: serverguide/C/mail.xml:184(para)
15108
msgid ""
15109
"The postfix initial configuration is complete. Run the following command to "
15110
"restart the postfix daemon:"
9526
msgid "The postfix initial configuration is complete. Run the following command to restart the postfix daemon:"
15111
9527
msgstr ""
15112
9528
15113
9529
#: serverguide/C/mail.xml:189(para)
15114
msgid ""
15115
"<application>Postfix</application> supports SMTP-AUTH as defined in <ulink "
15116
"url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based "
15117
"on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. "
15118
"However it is still necessary to set up SASL authentication before you can "
15119
"use SMTP-AUTH."
9530
msgid "<application>Postfix</application> supports SMTP-AUTH as defined in <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2554.txt\">RFC2554</ulink>. It is based on <ulink url=\"ftp://ftp.isi.edu/in-notes/rfc2222.txt\">SASL</ulink>. However it is still necessary to set up SASL authentication before you can use SMTP-AUTH."
15120
9531
msgstr ""
15121
9532
15122
9533
#: serverguide/C/mail.xml:199(title) serverguide/C/mail.xml:591(title)
15124
9535
msgstr ""
15125
9536
15126
9537
#: serverguide/C/mail.xml:200(para)
15127
msgid ""
15128
"Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To "
15129
"enable Dovecot SASL the <application>dovecot-common</application> package "
15130
"will need to be installed. From a terminal prompt enter the following:"
9538
msgid "Postfix supports two SASL implementations Cyrus SASL and Dovecot SASL. To enable Dovecot SASL the <application>dovecot-common</application> package will need to be installed. From a terminal prompt enter the following:"
15131
9539
msgstr ""
15132
9540
15133
9541
#: serverguide/C/mail.xml:206(command)
15135
9543
msgstr ""
15136
9544
15137
9545
#: serverguide/C/mail.xml:208(para)
15138
msgid ""
15139
"Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. "
15140
"In the <emphasis>auth default</emphasis> section uncomment the "
15141
"<emphasis>socket listen</emphasis> option and change the following:"
9546
msgid "Next you will need to edit <filename>/etc/dovecot/dovecot.conf</filename>. In the <emphasis>auth default</emphasis> section uncomment the <emphasis>socket listen</emphasis> option and change the following:"
15142
9547
msgstr ""
15143
9548
15144
9549
#: serverguide/C/mail.xml:212(programlisting)
15145
9550
#, no-wrap
15146
msgid ""
15147
"\n"
15148
" socket listen {\n"
15149
" #master {\n"
15150
" # Master socket provides access to userdb information. It's typically\n"
15151
" # used to give Dovecot's local delivery agent access to userdb so it\n"
15152
" # can find mailbox locations.\n"
15153
" #path = /var/run/dovecot/auth-master\n"
15154
" #mode = 0600\n"
15155
" # Default user/group is the one who started dovecot-auth (root)\n"
15156
" #user = \n"
15157
" #group = \n"
15158
" #}\n"
15159
" client {\n"
15160
" # The client socket is generally safe to export to everyone. Typical "
15161
"use\n"
15162
" # is to export it to your SMTP server so it can do SMTP AUTH lookups\n"
15163
" # using it.\n"
15164
" path = /var/spool/postfix/private/auth-client\n"
15165
" mode = 0660\n"
15166
" user = postfix\n"
15167
" group = postfix\n"
15168
" }\n"
15169
" }\n"
9551
msgid "\n socket listen {\n #master {\n # Master socket provides access to userdb information. It's typically\n # used to give Dovecot's local delivery agent access to userdb so it\n # can find mailbox locations.\n #path = /var/run/dovecot/auth-master\n #mode = 0600\n # Default user/group is the one who started dovecot-auth (root)\n #user = \n #group = \n #}\n client {\n # The client socket is generally safe to export to everyone. Typical use\n # is to export it to your SMTP server so it can do SMTP AUTH lookups\n # using it.\n path = /var/spool/postfix/private/auth-client\n mode = 0660\n user = postfix\n group = postfix\n }\n }\n"
15170
9552
msgstr ""
15171
9553
15172
9554
#: serverguide/C/mail.xml:236(para)
15173
msgid ""
15174
"In order to let <application>Outlook</application> clients use SMTPAUTH, in "
15175
"the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf "
15176
"add <emphasis>\"login\"</emphasis>:"
9555
msgid "In order to let <application>Outlook</application> clients use SMTPAUTH, in the <emphasis>auth default</emphasis> section of /etc/dovecot/dovecot.conf add <emphasis>\"login\"</emphasis>:"
15177
9556
msgstr ""
15178
9557
15179
9558
#: serverguide/C/mail.xml:241(programlisting)
15180
9559
#, no-wrap
15181
msgid ""
15182
"\n"
15183
" mechanisms = plain login\n"
9560
msgid "\n mechanisms = plain login\n"
15184
9561
msgstr ""
15185
9562
15186
9563
#: serverguide/C/mail.xml:245(para)
15187
msgid ""
15188
"Once you have <application>Dovecot</application> configured restart it with:"
9564
msgid "Once you have <application>Dovecot</application> configured restart it with:"
15189
9565
msgstr ""
15190
9566
15191
9567
#: serverguide/C/mail.xml:249(command) serverguide/C/mail.xml:712(command)
15197
9573
msgstr ""
15198
9574
15199
9575
#: serverguide/C/mail.xml:256(para)
15200
msgid ""
15201
"Another option for configuring <application>Postfix</application> for SMTP-"
15202
"AUTH is using the <application>dovecot-postfix</application> package. This "
15203
"package will install <application>Dovecot</application> and configure "
15204
"<application>Postfix</application> to use it for both SASL authentication "
15205
"and as a Mail Delivery Agent (MDA). The package also configures "
15206
"<application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
9576
msgid "Another option for configuring <application>Postfix</application> for SMTP-AUTH is using the <application>dovecot-postfix</application> package. This package will install <application>Dovecot</application> and configure <application>Postfix</application> to use it for both SASL authentication and as a Mail Delivery Agent (MDA). The package also configures <application>Dovecot</application> for IMAP, IMAPS, POP3, and POP3S."
15207
9577
msgstr ""
15208
9578
15209
9579
#: serverguide/C/mail.xml:265(para)
15210
msgid ""
15211
"You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail "
15212
"server. For example, if you are configuring your server to be a mail "
15213
"gateway, spam/virus filter, etc. If this is the case it may be easier to use "
15214
"the above commands to configure Postfix for SMTPAUTH."
9580
msgid "You may or may not want to run IMAP, IMAPS, POP3, or POP3S on your mail server. For example, if you are configuring your server to be a mail gateway, spam/virus filter, etc. If this is the case it may be easier to use the above commands to configure Postfix for SMTPAUTH."
15215
9581
msgstr ""
15216
9582
15217
9583
#: serverguide/C/mail.xml:272(para)
15223
9589
msgstr ""
15224
9590
15225
9591
#: serverguide/C/mail.xml:280(para)
15226
msgid ""
15227
"You should now have a working mail server, but there are a few options that "
15228
"you may wish to further customize. For example, the package uses the "
15229
"certificate and key from the <application>ssl-cert</application> package, "
15230
"and in a production environment you should use a certificate and key "
15231
"generated for the host. See <xref linkend=\"certificates-and-security\"/> "
15232
"for more details."
9592
msgid "You should now have a working mail server, but there are a few options that you may wish to further customize. For example, the package uses the certificate and key from the <application>ssl-cert</application> package, and in a production environment you should use a certificate and key generated for the host. See <xref linkend=\"certificates-and-security\"/> for more details."
15233
9593
msgstr ""
15234
9594
15235
9595
#: serverguide/C/mail.xml:286(para)
15236
msgid ""
15237
"Once you have a customized certificate and key for the host, change the "
15238
"following options in <filename>/etc/postfix/main.cf</filename>:"
9596
msgid "Once you have a customized certificate and key for the host, change the following options in <filename>/etc/postfix/main.cf</filename>:"
15239
9597
msgstr ""
15240
9598
15241
9599
#: serverguide/C/mail.xml:290(programlisting)
15242
9600
#, no-wrap
15243
msgid ""
15244
"\n"
15245
"smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\n"
15246
"smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
9601
msgid "\nsmtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem\nsmtpd_tls_key_file = /etc/ssl/private/ssl-mail.key\n"
15247
9602
msgstr ""
15248
9603
15249
9604
#: serverguide/C/mail.xml:295(para)
15255
9610
msgstr ""
15256
9611
15257
9612
#: serverguide/C/mail.xml:306(para)
15258
msgid ""
15259
"SMTP-AUTH configuration is complete. Now it is time to test the setup."
9613
msgid "SMTP-AUTH configuration is complete. Now it is time to test the setup."
15260
9614
msgstr ""
15261
9615
15262
9616
#: serverguide/C/mail.xml:309(para)
15268
9622
msgstr ""
15269
9623
15270
9624
#: serverguide/C/mail.xml:316(para)
15271
msgid ""
15272
"After you have established the connection to the postfix mail server, type:"
9625
msgid "After you have established the connection to the postfix mail server, type:"
15273
9626
msgstr ""
15274
9627
15275
9628
#: serverguide/C/mail.xml:320(screen)
15276
9629
#, no-wrap
15277
msgid ""
15278
"\n"
15279
"ehlo mail.example.com\n"
9630
msgid "\nehlo mail.example.com\n"
15280
9631
msgstr ""
15281
9632
15282
9633
#: serverguide/C/mail.xml:323(para)
15283
msgid ""
15284
"If you see the following lines among others, then everything is working "
15285
"perfectly. Type <command>quit</command> to exit."
9634
msgid "If you see the following lines among others, then everything is working perfectly. Type <command>quit</command> to exit."
15286
9635
msgstr ""
15287
9636
15288
9637
#: serverguide/C/mail.xml:327(programlisting)
15289
9638
#, no-wrap
15290
msgid ""
15291
"\n"
15292
"250-STARTTLS\n"
15293
"250-AUTH LOGIN PLAIN\n"
15294
"250-AUTH=LOGIN PLAIN\n"
15295
"250 8BITMIME\n"
9639
msgid "\n250-STARTTLS\n250-AUTH LOGIN PLAIN\n250-AUTH=LOGIN PLAIN\n250 8BITMIME\n"
15296
9640
msgstr ""
15297
9641
15298
9642
#: serverguide/C/mail.xml:337(para)
15299
msgid ""
15300
"This section introduces some common ways to determine the cause if problems "
15301
"arise."
9643
msgid "This section introduces some common ways to determine the cause if problems arise."
15302
9644
msgstr ""
15303
9645
15304
9646
#: serverguide/C/mail.xml:341(title)
15306
9648
msgstr ""
15307
9649
15308
9650
#: serverguide/C/mail.xml:342(para)
15309
msgid ""
15310
"The Ubuntu <application>postfix</application> package will by default "
15311
"install into a <emphasis>chroot</emphasis> environment for security reasons. "
15312
"This can add greater complexity when troubleshooting problems."
9651
msgid "The Ubuntu <application>postfix</application> package will by default install into a <emphasis>chroot</emphasis> environment for security reasons. This can add greater complexity when troubleshooting problems."
15313
9652
msgstr ""
15314
9653
15315
9654
#: serverguide/C/mail.xml:346(para)
15316
msgid ""
15317
"To turn off the chroot operation locate for the following line in the "
15318
"<filename>/etc/postfix/master.cf</filename> configuration file:"
9655
msgid "To turn off the chroot operation locate for the following line in the <filename>/etc/postfix/master.cf</filename> configuration file:"
15319
9656
msgstr ""
15320
9657
15321
9658
#: serverguide/C/mail.xml:350(screen)
15322
9659
#, no-wrap
15323
msgid ""
15324
"\n"
15325
"smtp inet n - - - - smtpd\n"
9660
msgid "\nsmtp inet n - - - - smtpd\n"
15326
9661
msgstr ""
15327
9662
15328
9663
#: serverguide/C/mail.xml:353(para)
15331
9666
15332
9667
#: serverguide/C/mail.xml:356(screen)
15333
9668
#, no-wrap
15334
msgid ""
15335
"\n"
15336
"smtp inet n - n - - smtpd\n"
9669
msgid "\nsmtp inet n - n - - smtpd\n"
15337
9670
msgstr ""
15338
9671
15339
9672
#: serverguide/C/mail.xml:359(para)
15340
msgid ""
15341
"You will then need to restart Postfix to use the new configuration. From a "
15342
"terminal prompt enter:"
9673
msgid "You will then need to restart Postfix to use the new configuration. From a terminal prompt enter:"
15343
9674
msgstr ""
15344
9675
15345
9676
#: serverguide/C/mail.xml:367(title)
15347
9678
msgstr ""
15348
9679
15349
9680
#: serverguide/C/mail.xml:368(para)
15350
msgid ""
15351
"<application>Postfix</application> sends all log messages to "
15352
"<filename>/var/log/mail.log</filename>. However error and warning messages "
15353
"can sometimes get lost in the normal log output so they are also logged to "
15354
"<filename>/var/log/mail.err</filename> and "
15355
"<filename>/var/log/mail.warn</filename> respectively."
9681
msgid "<application>Postfix</application> sends all log messages to <filename>/var/log/mail.log</filename>. However error and warning messages can sometimes get lost in the normal log output so they are also logged to <filename>/var/log/mail.err</filename> and <filename>/var/log/mail.warn</filename> respectively."
15356
9682
msgstr ""
15357
9683
15358
9684
#: serverguide/C/mail.xml:373(para)
15359
msgid ""
15360
"To see messages entered into the logs in real time you can use the "
15361
"<application>tail -f</application> command:"
9685
msgid "To see messages entered into the logs in real time you can use the <application>tail -f</application> command:"
15362
9686
msgstr ""
15363
9687
15364
9688
#: serverguide/C/mail.xml:378(command)
15366
9690
msgstr ""
15367
9691
15368
9692
#: serverguide/C/mail.xml:380(para)
15369
msgid ""
15370
"The amount of detail that is recorded in the logs can be increased. Below "
15371
"are some configuration options for increasing the log level for some of the "
15372
"areas covered above."
9693
msgid "The amount of detail that is recorded in the logs can be increased. Below are some configuration options for increasing the log level for some of the areas covered above."
15373
9694
msgstr ""
15374
9695
15375
9696
#: serverguide/C/mail.xml:386(para)
15376
msgid ""
15377
"To increase <emphasis>TLS</emphasis> activity logging set the "
15378
"<emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
9697
msgid "To increase <emphasis>TLS</emphasis> activity logging set the <emphasis>smtpd_tls_loglevel</emphasis> option to a value from 1 to 4."
15379
9698
msgstr ""
15380
9699
15381
9700
#: serverguide/C/mail.xml:390(command)
15383
9702
msgstr ""
15384
9703
15385
9704
#: serverguide/C/mail.xml:394(para)
15386
msgid ""
15387
"If you are having trouble sending or receiving mail from a specific domain "
15388
"you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
9705
msgid "If you are having trouble sending or receiving mail from a specific domain you can add the domain to the <emphasis>debug_peer_list</emphasis> parameter."
15389
9706
msgstr ""
15390
9707
15391
9708
#: serverguide/C/mail.xml:399(command)
15393
9710
msgstr ""
15394
9711
15395
9712
#: serverguide/C/mail.xml:403(para)
15396
msgid ""
15397
"You can increase the verbosity of any <application>Postfix</application> "
15398
"daemon process by editing the <filename>/etc/postfix/master.cf</filename> "
15399
"and adding a <emphasis>-v</emphasis> after the entry. For example edit the "
15400
"<emphasis>smtp</emphasis> entry:"
9713
msgid "You can increase the verbosity of any <application>Postfix</application> daemon process by editing the <filename>/etc/postfix/master.cf</filename> and adding a <emphasis>-v</emphasis> after the entry. For example edit the <emphasis>smtp</emphasis> entry:"
15401
9714
msgstr ""
15402
9715
15403
9716
#: serverguide/C/mail.xml:407(programlisting)
15404
9717
#, no-wrap
15405
msgid ""
15406
"\n"
15407
"smtp unix - - - - - smtp -v\n"
9718
msgid "\nsmtp unix - - - - - smtp -v\n"
15408
9719
msgstr ""
15409
9720
15410
9721
#: serverguide/C/mail.xml:413(para)
15411
msgid ""
15412
"It is important to note that after making one of the logging changes above "
15413
"the <application>Postfix</application> process will need to be reloaded in "
15414
"order to recognize the new configuration: <command>sudo /etc/init.d/postfix "
15415
"reload</command>"
9722
msgid "It is important to note that after making one of the logging changes above the <application>Postfix</application> process will need to be reloaded in order to recognize the new configuration: <command>sudo /etc/init.d/postfix reload</command>"
15416
9723
msgstr ""
15417
9724
15418
9725
#: serverguide/C/mail.xml:420(para)
15419
msgid ""
15420
"To increase the amount of information logged when troubleshooting "
15421
"<emphasis>SASL</emphasis> issues you can set the following options in "
15422
"<filename>/etc/dovecot/dovecot.conf</filename>"
9726
msgid "To increase the amount of information logged when troubleshooting <emphasis>SASL</emphasis> issues you can set the following options in <filename>/etc/dovecot/dovecot.conf</filename>"
15423
9727
msgstr ""
15424
9728
15425
9729
#: serverguide/C/mail.xml:424(programlisting)
15426
9730
#, no-wrap
15427
msgid ""
15428
"\n"
15429
"auth_debug=yes\n"
15430
"auth_debug_passwords=yes\n"
9731
msgid "\nauth_debug=yes\nauth_debug_passwords=yes\n"
15431
9732
msgstr ""
15432
9733
15433
9734
#: serverguide/C/mail.xml:431(para)
15434
msgid ""
15435
"Just like <application>Postfix</application> if you change a "
15436
"<application>Dovecot</application> configuration the process will need to be "
15437
"reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
9735
msgid "Just like <application>Postfix</application> if you change a <application>Dovecot</application> configuration the process will need to be reloaded: <command>sudo /etc/init.d/dovecot reload</command>."
15438
9736
msgstr ""
15439
9737
15440
9738
#: serverguide/C/mail.xml:437(para)
15441
msgid ""
15442
"Some of the options above can drastically increase the amount of information "
15443
"sent to the log files. Remember to return the log level back to normal after "
15444
"you have corrected the problem. Then reload the appropriate daemon for the "
15445
"new configuration to take affect."
9739
msgid "Some of the options above can drastically increase the amount of information sent to the log files. Remember to return the log level back to normal after you have corrected the problem. Then reload the appropriate daemon for the new configuration to take affect."
15446
9740
msgstr ""
15447
9741
15448
9742
#: serverguide/C/mail.xml:445(para)
15449
msgid ""
15450
"Administering a <application>Postfix</application> server can be a very "
15451
"complicated task. At some point you may need to turn to the Ubuntu community "
15452
"for more experienced help."
9743
msgid "Administering a <application>Postfix</application> server can be a very complicated task. At some point you may need to turn to the Ubuntu community for more experienced help."
15453
9744
msgstr ""
15454
9745
15455
9746
#: serverguide/C/mail.xml:449(para)
15456
msgid ""
15457
"A great place to ask for <application>Postfix</application> assistance, and "
15458
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
15459
"server</emphasis> IRC channel on <ulink "
15460
"url=\"http://freenode.net\">freenode</ulink>. You can also post a message to "
15461
"one of the <ulink "
15462
"url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
9747
msgid "A great place to ask for <application>Postfix</application> assistance, and get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-server</emphasis> IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>. You can also post a message to one of the <ulink url=\"http://www.ubuntu.com/support/community/webforums\">Web Forums</ulink>."
15463
9748
msgstr ""
15464
9749
15465
9750
#: serverguide/C/mail.xml:454(para)
15466
msgid ""
15467
"For in depth <application>Postfix</application> information Ubuntu "
15468
"developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The "
15469
"Book of Postfix</ulink>."
9751
msgid "For in depth <application>Postfix</application> information Ubuntu developers highly recommend: <ulink url=\"http://www.postfix-book.com/\">The Book of Postfix</ulink>."
15470
9752
msgstr ""
15471
9753
15472
9754
#: serverguide/C/mail.xml:458(para)
15473
msgid ""
15474
"Finally, the <ulink "
15475
"url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website "
15476
"also has great documentation on all the different configuration options "
15477
"available."
9755
msgid "Finally, the <ulink url=\"http://www.postfix.org/documentation.html\">Postfix</ulink> website also has great documentation on all the different configuration options available."
15478
9756
msgstr ""
15479
9757
15480
9758
#: serverguide/C/mail.xml:467(title) serverguide/C/mail.xml:844(title) serverguide/C/mail.xml:960(title)
15482
9760
msgstr ""
15483
9761
15484
9762
#: serverguide/C/mail.xml:468(para)
15485
msgid ""
15486
"<application>Exim4</application> is another Message Transfer Agent (MTA) "
15487
"developed at the University of Cambridge for use on Unix systems connected "
15488
"to the Internet. Exim can be installed in place of "
15489
"<application>sendmail</application>, although the configuration of "
15490
"<application>exim</application> is quite different to that of "
15491
"<application>sendmail</application>."
9763
msgid "<application>Exim4</application> is another Message Transfer Agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. Exim can be installed in place of <application>sendmail</application>, although the configuration of <application>exim</application> is quite different to that of <application>sendmail</application>."
15492
9764
msgstr ""
15493
9765
15494
9766
#: serverguide/C/mail.xml:479(para)
15495
msgid ""
15496
"To install <application>exim4</application>, run the following command: "
15497
"<screen>\n"
15498
"<command>sudo apt-get install exim4</command>\n"
15499
"</screen>"
9767
msgid "To install <application>exim4</application>, run the following command: <screen>\n<command>sudo apt-get install exim4</command>\n</screen>"
15500
9768
msgstr ""
15501
9769
15502
9770
#: serverguide/C/mail.xml:488(para)
15503
msgid ""
15504
"To configure <application>Exim4</application>, run the following command:"
9771
msgid "To configure <application>Exim4</application>, run the following command:"
15505
9772
msgstr ""
15506
9773
15507
9774
#: serverguide/C/mail.xml:492(command)
15509
9776
msgstr ""
15510
9777
15511
9778
#: serverguide/C/mail.xml:494(para)
15512
msgid ""
15513
"The user interface will be displayed. The user interface lets you configure "
15514
"many parameters. For example, In <application>Exim4</application> the "
15515
"configuration files are split among multiple files. If you wish to have them "
15516
"in one file you can configure accordingly in this user interface."
9779
msgid "The user interface will be displayed. The user interface lets you configure many parameters. For example, In <application>Exim4</application> the configuration files are split among multiple files. If you wish to have them in one file you can configure accordingly in this user interface."
15517
9780
msgstr ""
15518
9781
15519
9782
#: serverguide/C/mail.xml:502(para)
15520
msgid ""
15521
"All the parameters you configure in the user interface are stored in "
15522
"<filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to "
15523
"re-configure, either you re-run the configuration wizard or manually edit "
15524
"this file using your favorite editor. Once you configure, you can run the "
15525
"following command to generate the master configuration file:"
9783
msgid "All the parameters you configure in the user interface are stored in <filename>/etc/exim4/update-exim4.conf.conf</filename> file. If you wish to re-configure, either you re-run the configuration wizard or manually edit this file using your favorite editor. Once you configure, you can run the following command to generate the master configuration file:"
15526
9784
msgstr ""
15527
9785
15528
9786
#: serverguide/C/mail.xml:513(command) serverguide/C/mail.xml:586(command)
15530
9788
msgstr ""
15531
9789
15532
9790
#: serverguide/C/mail.xml:515(para)
15533
msgid ""
15534
"The master configuration file, is generated and it is stored in "
15535
"<filename>/var/lib/exim4/config.autogenerated</filename>."
9791
msgid "The master configuration file, is generated and it is stored in <filename>/var/lib/exim4/config.autogenerated</filename>."
15536
9792
msgstr ""
15537
9793
15538
9794
#: serverguide/C/mail.xml:521(para)
15539
msgid ""
15540
"At any time, you should not edit the master configuration file, "
15541
"<filename>/var/lib/exim4/config.autogenerated</filename> manually. It is "
15542
"updated automatically every time you run <command>update-exim4.conf</command>"
9795
msgid "At any time, you should not edit the master configuration file, <filename>/var/lib/exim4/config.autogenerated</filename> manually. It is updated automatically every time you run <command>update-exim4.conf</command>"
15543
9796
msgstr ""
15544
9797
15545
9798
#: serverguide/C/mail.xml:529(para)
15546
msgid ""
15547
"You can run the following command to start <application>Exim4</application> "
15548
"daemon."
9799
msgid "You can run the following command to start <application>Exim4</application> daemon."
15549
9800
msgstr ""
15550
9801
15551
9802
#: serverguide/C/mail.xml:534(command) serverguide/C/mail.xml:966(command)
15553
9804
msgstr ""
15554
9805
15555
9806
#: serverguide/C/mail.xml:539(para)
15556
msgid ""
15557
"This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
9807
msgid "This section covers configuring Exim4 to use SMTP-AUTH with TLS and SASL."
15558
9808
msgstr ""
15559
9809
15560
9810
#: serverguide/C/mail.xml:542(para)
15561
msgid ""
15562
"The first step is to create a certificate for use with TLS. Enter the "
15563
"following into a terminal prompt:"
9811
msgid "The first step is to create a certificate for use with TLS. Enter the following into a terminal prompt:"
15564
9812
msgstr ""
15565
9813
15566
9814
#: serverguide/C/mail.xml:546(command)
15568
9816
msgstr ""
15569
9817
15570
9818
#: serverguide/C/mail.xml:548(para)
15571
msgid ""
15572
"Now Exim4 needs to be configured for TLS by editing "
15573
"<filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add "
15574
"the following:"
9819
msgid "Now Exim4 needs to be configured for TLS by editing <filename>/etc/exim4/conf.d/main/03_exim4-config_tlsoptions</filename> add the following:"
15575
9820
msgstr ""
15576
9821
15577
9822
#: serverguide/C/mail.xml:552(programlisting)
15578
9823
#, no-wrap
15579
msgid ""
15580
"\n"
15581
"MAIN_TLS_ENABLE = yes\n"
9824
msgid "\nMAIN_TLS_ENABLE = yes\n"
15582
9825
msgstr ""
15583
9826
15584
9827
#: serverguide/C/mail.xml:555(para)
15585
msgid ""
15586
"Next you need to configure <application>Exim4</application> to use the "
15587
"<application>saslauthd</application> for authentication. Edit "
15588
"<filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and "
15589
"uncomment the <emphasis>plain_saslauthd_server</emphasis> and "
15590
"<emphasis>login_saslauthd_server</emphasis> sections:"
9828
msgid "Next you need to configure <application>Exim4</application> to use the <application>saslauthd</application> for authentication. Edit <filename>/etc/exim4/conf.d/auth/30_exim4-config_examples</filename> and uncomment the <emphasis>plain_saslauthd_server</emphasis> and <emphasis>login_saslauthd_server</emphasis> sections:"
15591
9829
msgstr ""
15592
9830
15593
9831
#: serverguide/C/mail.xml:560(programlisting)
15594
9832
#, no-wrap
15595
msgid ""
15596
"\n"
15597
" plain_saslauthd_server:\n"
15598
" driver = plaintext\n"
15599
" public_name = PLAIN\n"
15600
" server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n"
15601
" server_set_id = $auth2\n"
15602
" server_prompts = :\n"
15603
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
15604
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
15605
" .endif\n"
15606
"#\n"
15607
" login_saslauthd_server:\n"
15608
" driver = plaintext\n"
15609
" public_name = LOGIN\n"
15610
" server_prompts = \"Username:: : Password::\"\n"
15611
" # don't send system passwords over unencrypted connections\n"
15612
" server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n"
15613
" server_set_id = $auth1\n"
15614
" .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n"
15615
" server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n"
15616
" .endif\n"
9833
msgid "\n plain_saslauthd_server:\n driver = plaintext\n public_name = PLAIN\n server_condition = ${if saslauthd{{$auth2}{$auth3}}{1}{0}}\n server_set_id = $auth2\n server_prompts = :\n .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n .endif\n#\n login_saslauthd_server:\n driver = plaintext\n public_name = LOGIN\n server_prompts = \"Username:: : Password::\"\n # don't send system passwords over unencrypted connections\n server_condition = ${if saslauthd{{$auth1}{$auth2}}{1}{0}}\n server_set_id = $auth1\n .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS\n server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}\n .endif\n"
15617
9834
msgstr ""
15618
9835
15619
9836
#: serverguide/C/mail.xml:582(para)
15625
9842
msgstr ""
15626
9843
15627
9844
#: serverguide/C/mail.xml:592(para)
15628
msgid ""
15629
"This section provides details on configuring the saslauthd to provide "
15630
"authentication for <application>Exim4</application>."
9845
msgid "This section provides details on configuring the saslauthd to provide authentication for <application>Exim4</application>."
15631
9846
msgstr ""
15632
9847
15633
9848
#: serverguide/C/mail.xml:595(para)
15634
msgid ""
15635
"The first step is to install the sasl2-bin package. From a terminal prompt "
15636
"enter the following:"
9849
msgid "The first step is to install the sasl2-bin package. From a terminal prompt enter the following:"
15637
9850
msgstr ""
15638
9851
15639
9852
#: serverguide/C/mail.xml:599(command)
15641
9854
msgstr ""
15642
9855
15643
9856
#: serverguide/C/mail.xml:601(para)
15644
msgid ""
15645
"To configure saslauthd edit the /etc/default/saslauthd configuration file "
15646
"and set START=no to:"
9857
msgid "To configure saslauthd edit the /etc/default/saslauthd configuration file and set START=no to:"
15647
9858
msgstr ""
15648
9859
15649
9860
#: serverguide/C/mail.xml:604(programlisting)
15650
9861
#, no-wrap
15651
msgid ""
15652
"\n"
15653
"START=yes\n"
9862
msgid "\nSTART=yes\n"
15654
9863
msgstr ""
15655
9864
15656
9865
#: serverguide/C/mail.xml:607(para)
15657
msgid ""
15658
"Next the <emphasis>Debian-exim</emphasis> user needs to be part of the "
15659
"<emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd "
15660
"service:"
9866
msgid "Next the <emphasis>Debian-exim</emphasis> user needs to be part of the <emphasis>sasl</emphasis> group in order for Exim4 to use the saslauthd service:"
15661
9867
msgstr ""
15662
9868
15663
9869
#: serverguide/C/mail.xml:612(command)
15673
9879
msgstr ""
15674
9880
15675
9881
#: serverguide/C/mail.xml:620(para)
15676
msgid ""
15677
"<application>Exim4</application> is now configured with SMTP-AUTH using TLS "
15678
"and SASL authentication."
9882
msgid "<application>Exim4</application> is now configured with SMTP-AUTH using TLS and SASL authentication."
15679
9883
msgstr ""
15680
9884
15681
9885
#: serverguide/C/mail.xml:629(para)
15682
msgid ""
15683
"See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more "
15684
"information."
9886
msgid "See <ulink url=\"http://www.exim.org/\">exim.org</ulink> for more information."
15685
9887
msgstr ""
15686
9888
15687
9889
#: serverguide/C/mail.xml:634(para)
15688
msgid ""
15689
"There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-"
15690
"server\">Exim4 Book</ulink> available."
9890
msgid "There is also an <ulink url=\"http://www.uit.co.uk/content/exim-smtp-mail-server\">Exim4 Book</ulink> available."
15691
9891
msgstr ""
15692
9892
15693
9893
#: serverguide/C/mail.xml:643(title)
15695
9895
msgstr ""
15696
9896
15697
9897
#: serverguide/C/mail.xml:644(para)
15698
msgid ""
15699
"<application>Dovecot</application> is a Mail Delivery Agent, written with "
15700
"security primarily in mind. It supports the major mailbox formats: mbox or "
15701
"Maildir. This section explain how to set it up as an imap or pop3 server."
9898
msgid "<application>Dovecot</application> is a Mail Delivery Agent, written with security primarily in mind. It supports the major mailbox formats: mbox or Maildir. This section explain how to set it up as an imap or pop3 server."
15702
9899
msgstr ""
15703
9900
15704
9901
#: serverguide/C/mail.xml:652(para)
15705
msgid ""
15706
"To install <application>dovecot</application>, run the following command in "
15707
"the command prompt:"
9902
msgid "To install <application>dovecot</application>, run the following command in the command prompt:"
15708
9903
msgstr ""
15709
9904
15710
9905
#: serverguide/C/mail.xml:657(command)
15712
9907
msgstr ""
15713
9908
15714
9909
#: serverguide/C/mail.xml:662(para)
15715
msgid ""
15716
"To configure <application>dovecot</application>, you can edit the file "
15717
"<filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol "
15718
"you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap "
15719
"secure). A description of these protocols is beyond the scope of this guide. "
15720
"For further information, refer to the Wikipedia articles on <ulink "
15721
"url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink "
15722
"url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</u"
15723
"link>."
9910
msgid "To configure <application>dovecot</application>, you can edit the file <filename>/etc/dovecot/dovecot.conf</filename>. You can choose the protocol you use. It could be pop3, pop3s (pop3 secure), imap and imaps (imap secure). A description of these protocols is beyond the scope of this guide. For further information, refer to the Wikipedia articles on <ulink url=\"http://en.wikipedia.org/wiki/POP3\">POP3</ulink> and <ulink url=\"http://en.wikipedia.org/wiki/Internet_Message_Access_Protocol\">IMAP</ulink>."
15724
9911
msgstr ""
15725
9912
15726
9913
#: serverguide/C/mail.xml:672(para)
15727
msgid ""
15728
"IMAPS and POP3S are more secure that the simple IMAP and POP3 because they "
15729
"use SSL encryption to connect. Once you have chosen the protocol, amend the "
15730
"following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
9914
msgid "IMAPS and POP3S are more secure that the simple IMAP and POP3 because they use SSL encryption to connect. Once you have chosen the protocol, amend the following line in the file <filename>/etc/dovecot/dovecot.conf</filename>:"
15731
9915
msgstr ""
15732
9916
15733
9917
#: serverguide/C/mail.xml:678(programlisting)
15734
9918
#, no-wrap
15735
msgid ""
15736
"\n"
15737
"protocols = pop3 pop3s imap imaps\n"
9919
msgid "\nprotocols = pop3 pop3s imap imaps\n"
15738
9920
msgstr ""
15739
9921
15740
9922
#: serverguide/C/mail.xml:681(para)
15741
msgid ""
15742
"Next, choose the mailbox you would like to use. "
15743
"<application>Dovecot</application> supports <emphasis "
15744
"role=\"strong\">maildir</emphasis> and <emphasis "
15745
"role=\"strong\">mbox</emphasis> formats. These are the most commonly used "
15746
"mailbox formats. They both have their own benefits and are discussed on "
15747
"<ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web "
15748
"site</ulink>."
9923
msgid "Next, choose the mailbox you would like to use. <application>Dovecot</application> supports <emphasis role=\"strong\">maildir</emphasis> and <emphasis role=\"strong\">mbox</emphasis> formats. These are the most commonly used mailbox formats. They both have their own benefits and are discussed on <ulink url=\"http://wiki.dovecot.org/MailboxFormat\">the Dovecot web site</ulink>."
15749
9924
msgstr ""
15750
9925
15751
9926
#: serverguide/C/mail.xml:689(para)
15752
msgid ""
15753
"Once you have chosen your mailbox type, edit the file "
15754
"<filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
9927
msgid "Once you have chosen your mailbox type, edit the file <filename>/etc/dovecot/dovecot.conf</filename> and change the following line:"
15755
9928
msgstr ""
15756
9929
15757
9930
#: serverguide/C/mail.xml:694(programlisting)
15758
9931
#, no-wrap
15759
msgid ""
15760
"\n"
15761
"mail_location = maildir:~/Maildir # (for maildir)\n"
15762
"or\n"
15763
"mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
9932
msgid "\nmail_location = maildir:~/Maildir # (for maildir)\nor\nmail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)\n"
15764
9933
msgstr ""
15765
9934
15766
9935
#: serverguide/C/mail.xml:700(para)
15767
msgid ""
15768
"You should configure your Mail Transport Agent (MTA) to transfer the "
15769
"incoming mail to this type of mailbox if it is different from the one you "
15770
"have configured."
9936
msgid "You should configure your Mail Transport Agent (MTA) to transfer the incoming mail to this type of mailbox if it is different from the one you have configured."
15771
9937
msgstr ""
15772
9938
15773
9939
#: serverguide/C/mail.xml:706(para)
15774
msgid ""
15775
"Once you have configured dovecot, restart the "
15776
"<application>dovecot</application> daemon in order to test your setup:"
9940
msgid "Once you have configured dovecot, restart the <application>dovecot</application> daemon in order to test your setup:"
15777
9941
msgstr ""
15778
9942
15779
9943
#: serverguide/C/mail.xml:715(para)
15780
msgid ""
15781
"If you have enabled imap, or pop3, you can also try to log in with the "
15782
"commands <command>telnet localhost pop3</command> or <command>telnet "
15783
"localhost imap2</command>. If you see something like the following, the "
15784
"installation has been successful:"
9944
msgid "If you have enabled imap, or pop3, you can also try to log in with the commands <command>telnet localhost pop3</command> or <command>telnet localhost imap2</command>. If you see something like the following, the installation has been successful:"
15785
9945
msgstr ""
15786
9946
15787
9947
#: serverguide/C/mail.xml:722(programlisting)
15788
9948
#, no-wrap
15789
msgid ""
15790
"\n"
15791
"bhuvan@rainbow:~$ telnet localhost pop3\n"
15792
"Trying 127.0.0.1...\n"
15793
"Connected to localhost.localdomain.\n"
15794
"Escape character is '^]'.\n"
15795
"+OK Dovecot ready.\n"
9949
msgid "\nbhuvan@rainbow:~$ telnet localhost pop3\nTrying 127.0.0.1...\nConnected to localhost.localdomain.\nEscape character is '^]'.\n+OK Dovecot ready.\n"
15796
9950
msgstr ""
15797
9951
15798
9952
#: serverguide/C/mail.xml:731(title)
15800
9954
msgstr ""
15801
9955
15802
9956
#: serverguide/C/mail.xml:732(para)
15803
msgid ""
15804
"To configure <application>dovecot</application> to use SSL, you can edit the "
15805
"file <filename>/etc/dovecot/dovecot.conf</filename> and amend following "
15806
"lines:"
9957
msgid "To configure <application>dovecot</application> to use SSL, you can edit the file <filename>/etc/dovecot/dovecot.conf</filename> and amend following lines:"
15807
9958
msgstr ""
15808
9959
15809
9960
#: serverguide/C/mail.xml:737(programlisting)
15810
9961
#, no-wrap
15811
msgid ""
15812
"\n"
15813
"ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\n"
15814
"ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\n"
15815
"ssl_disable = no\n"
15816
"disable_plaintext_auth = no\n"
9962
msgid "\nssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem\nssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key\nssl_disable = no\ndisable_plaintext_auth = no\n"
15817
9963
msgstr ""
15818
9964
15819
9965
#: serverguide/C/mail.xml:743(para)
15820
msgid ""
15821
"You can get the SSL certificate from a Certificate Issuing Authority or you "
15822
"can create self signed SSL certificate. The latter is a good option for "
15823
"email, because SMTP clients rarely complain about \"self-signed "
15824
"certificates\". Please refer to <xref linkend=\"certificates-and-"
15825
"security\"/> for details about how to create self signed SSL certificate. "
15826
"Once you create the certificate, you will have a key file and a certificate "
15827
"file. Please copy them to the location pointed in the "
15828
"<filename>/etc/dovecot/dovecot.conf</filename> configuration file."
9966
msgid "You can get the SSL certificate from a Certificate Issuing Authority or you can create self signed SSL certificate. The latter is a good option for email, because SMTP clients rarely complain about \"self-signed certificates\". Please refer to <xref linkend=\"certificates-and-security\"/> for details about how to create self signed SSL certificate. Once you create the certificate, you will have a key file and a certificate file. Please copy them to the location pointed in the <filename>/etc/dovecot/dovecot.conf</filename> configuration file."
15829
9967
msgstr ""
15830
9968
15831
9969
#: serverguide/C/mail.xml:758(title)
15849
9987
msgstr ""
15850
9988
15851
9989
#: serverguide/C/mail.xml:759(para)
15852
msgid ""
15853
"To access your mail server from another computer, you must configure your "
15854
"firewall to allow connections to the server on the necessary ports. "
15855
"<placeholder-1/>"
9990
msgid "To access your mail server from another computer, you must configure your firewall to allow connections to the server on the necessary ports. <placeholder-1/>"
15856
9991
msgstr ""
15857
9992
15858
9993
#: serverguide/C/mail.xml:776(para)
15859
msgid ""
15860
"See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for "
15861
"more information."
9994
msgid "See the <ulink url=\"http://www.dovecot.org/\">Dovecot website</ulink> for more information."
15862
9995
msgstr ""
15863
9996
15864
9997
#: serverguide/C/mail.xml:785(title) serverguide/C/mail.xml:862(title) serverguide/C/mail.xml:1085(title)
15866
9999
msgstr ""
15867
10000
15868
10001
#: serverguide/C/mail.xml:786(para)
15869
msgid ""
15870
"Mailman is an open source program for managing electronic mail discussions "
15871
"and e-newsletter lists. Many open source mailing lists (including all the "
15872
"<ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use "
15873
"Mailman as their mailing list software. It is powerful and easy to install "
15874
"and maintain."
10002
msgid "Mailman is an open source program for managing electronic mail discussions and e-newsletter lists. Many open source mailing lists (including all the <ulink url=\"http://lists.ubuntu.com\">Ubuntu mailing lists</ulink>) use Mailman as their mailing list software. It is powerful and easy to install and maintain."
15875
10003
msgstr ""
15876
10004
15877
10005
#: serverguide/C/mail.xml:796(para)
15878
msgid ""
15879
"Mailman provides a web interface for the administrators and users, using an "
15880
"external mail server to send and receive emails. It works perfectly with the "
15881
"following mail servers:"
10006
msgid "Mailman provides a web interface for the administrators and users, using an external mail server to send and receive emails. It works perfectly with the following mail servers:"
15882
10007
msgstr ""
15883
10008
15884
10009
#: serverguide/C/mail.xml:807(application)
15894
10019
msgstr ""
15895
10020
15896
10021
#: serverguide/C/mail.xml:818(para)
15897
msgid ""
15898
"We will see how to install and configure Mailman with, the Apache web "
15899
"server, and either the Postfix or Exim mail server. If you wish to install "
15900
"Mailman with a different mail server, please refer to the references section."
10022
msgid "We will see how to install and configure Mailman with, the Apache web server, and either the Postfix or Exim mail server. If you wish to install Mailman with a different mail server, please refer to the references section."
15901
10023
msgstr ""
15902
10024
15903
10025
#: serverguide/C/mail.xml:825(para)
15904
msgid ""
15905
"You only need to install one mail server and "
15906
"<application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
10026
msgid "You only need to install one mail server and <application>Postfix</application> is the default Ubuntu Mail Transfer Agent."
15907
10027
msgstr ""
15908
10028
15909
10029
#: serverguide/C/mail.xml:830(title) serverguide/C/mail.xml:889(title)
15911
10031
msgstr ""
15912
10032
15913
10033
#: serverguide/C/mail.xml:831(para)
15914
msgid ""
15915
"To install apache2 you refer to <ulink url=\"./web-servers.xml#http-"
15916
"installation\">HTTPD Installation</ulink> section for details."
10034
msgid "To install apache2 you refer to <ulink url=\"./web-servers.xml#http-installation\">HTTPD Installation</ulink> section for details."
15917
10035
msgstr ""
15918
10036
15919
10037
#: serverguide/C/mail.xml:839(para)
15920
msgid ""
15921
"For instructions on installing and configuring Postfix refer to <xref "
15922
"linkend=\"postfix\"/>"
10038
msgid "For instructions on installing and configuring Postfix refer to <xref linkend=\"postfix\"/>"
15923
10039
msgstr ""
15924
10040
15925
10041
#: serverguide/C/mail.xml:845(para)
15931
10047
msgstr ""
15932
10048
15933
10049
#: serverguide/C/mail.xml:848(para)
15934
msgid ""
15935
"Once exim4 is installed, the configuration files are stored in the "
15936
"<filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 "
15937
"configuration files are split across different files. You can change this "
15938
"behavior by changing the following variable in the "
15939
"<filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
10050
msgid "Once exim4 is installed, the configuration files are stored in the <filename>/etc/exim4</filename> directory. In Ubuntu, by default, the exim4 configuration files are split across different files. You can change this behavior by changing the following variable in the <filename>/etc/exim4/update-exim4.conf</filename> file: <placeholder-1/>"
15940
10051
msgstr ""
15941
10052
15942
10053
#: serverguide/C/mail.xml:863(para)
15943
msgid ""
15944
"To install <application>Mailman</application>, run following command at a "
15945
"terminal prompt:"
10054
msgid "To install <application>Mailman</application>, run following command at a terminal prompt:"
15946
10055
msgstr ""
15947
10056
15948
10057
#: serverguide/C/mail.xml:867(command)
15950
10059
msgstr ""
15951
10060
15952
10061
#: serverguide/C/mail.xml:869(para)
15953
msgid ""
15954
"It copies the installation files in "
15955
"<application>/var/lib/mailman</application> directory. It installs the CGI "
15956
"scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It "
15957
"creates <emphasis>list</emphasis> linux user. It creates the "
15958
"<emphasis>list</emphasis> linux group. The mailman process will be owned by "
15959
"this user."
10062
msgid "It copies the installation files in <application>/var/lib/mailman</application> directory. It installs the CGI scripts in <application>/usr/lib/cgi-bin/mailman</application> directory. It creates <emphasis>list</emphasis> linux user. It creates the <emphasis>list</emphasis> linux group. The mailman process will be owned by this user."
15960
10063
msgstr ""
15961
10064
15962
10065
#: serverguide/C/mail.xml:881(para)
15963
msgid ""
15964
"This section assumes you have successfully installed "
15965
"<application>mailman</application>, <application>apache2</application>, and "
15966
"<application>postfix</application> or <application>exim4</application>. Now "
15967
"you just need to configure them."
10066
msgid "This section assumes you have successfully installed <application>mailman</application>, <application>apache2</application>, and <application>postfix</application> or <application>exim4</application>. Now you just need to configure them."
15968
10067
msgstr ""
15969
10068
15970
10069
#: serverguide/C/mail.xml:890(para)
15971
msgid ""
15972
"An example Apache configuration file comes with "
15973
"<application>Mailman</application> and is placed in "
15974
"<filename>/etc/mailman/apache.conf</filename>. In order for Apache to use "
15975
"the config file it needs to be copied to <filename>/etc/apache2/sites-"
15976
"available</filename>:"
10070
msgid "An example Apache configuration file comes with <application>Mailman</application> and is placed in <filename>/etc/mailman/apache.conf</filename>. In order for Apache to use the config file it needs to be copied to <filename>/etc/apache2/sites-available</filename>:"
15977
10071
msgstr ""
15978
10072
15979
10073
#: serverguide/C/mail.xml:896(command)
15980
msgid ""
15981
"sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
10074
msgid "sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf"
15982
10075
msgstr ""
15983
10076
15984
10077
#: serverguide/C/mail.xml:898(para)
15985
msgid ""
15986
"This will setup a new Apache <emphasis>VirtualHost</emphasis> for the "
15987
"Mailman administration site. Now enable the new configuration and restart "
15988
"Apache:"
10078
msgid "This will setup a new Apache <emphasis>VirtualHost</emphasis> for the Mailman administration site. Now enable the new configuration and restart Apache:"
15989
10079
msgstr ""
15990
10080
15991
10081
#: serverguide/C/mail.xml:903(command)
15993
10083
msgstr ""
15994
10084
15995
10085
#: serverguide/C/mail.xml:906(para)
15996
msgid ""
15997
"Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are "
15998
"installed in the <application>/usr/lib/cgi-bin/mailman</application> "
15999
"directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You "
16000
"can make changes to the <filename>/etc/apache2/sites-"
16001
"available/mailman.conf</filename> file if you wish to change this behavior."
10086
msgid "Mailman uses apache2 to render its CGI scripts. The mailman CGI scripts are installed in the <application>/usr/lib/cgi-bin/mailman</application> directory. So, the mailman url will be http://hostname/cgi-bin/mailman/. You can make changes to the <filename>/etc/apache2/sites-available/mailman.conf</filename> file if you wish to change this behavior."
16002
10087
msgstr ""
16003
10088
16004
10089
#: serverguide/C/mail.xml:917(para)
16005
msgid ""
16006
"For <application>Postfix</application> integration, we will associate the "
16007
"domain lists.example.com with the mailing lists. Please replace "
16008
"<emphasis>lists.example.com</emphasis> with the domain of your choosing."
10090
msgid "For <application>Postfix</application> integration, we will associate the domain lists.example.com with the mailing lists. Please replace <emphasis>lists.example.com</emphasis> with the domain of your choosing."
16009
10091
msgstr ""
16010
10092
16011
10093
#: serverguide/C/mail.xml:921(para)
16012
msgid ""
16013
"You can use the postconf command to add the necessary configuration to "
16014
"<filename>/etc/postfix/main.cf</filename>:"
10094
msgid "You can use the postconf command to add the necessary configuration to <filename>/etc/postfix/main.cf</filename>:"
16015
10095
msgstr ""
16016
10096
16017
10097
#: serverguide/C/mail.xml:925(command)
16027
10107
msgstr ""
16028
10108
16029
10109
#: serverguide/C/mail.xml:929(para)
16030
msgid ""
16031
"In <filename>/etc/postfix/master.cf</filename> double check that you have "
16032
"the following transport:"
10110
msgid "In <filename>/etc/postfix/master.cf</filename> double check that you have the following transport:"
16033
10111
msgstr ""
16034
10112
16035
10113
#: serverguide/C/mail.xml:932(programlisting)
16036
10114
#, no-wrap
16037
msgid ""
16038
"\n"
16039
"mailman unix - n n - - pipe\n"
16040
" flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n"
16041
" ${nexthop} ${user}\n"
10115
msgid "\nmailman unix - n n - - pipe\n flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py\n ${nexthop} ${user}\n"
16042
10116
msgstr ""
16043
10117
16044
10118
#: serverguide/C/mail.xml:937(para)
16045
msgid ""
16046
"It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail "
16047
"is delivered to a list."
10119
msgid "It calls the <emphasis>postfix-to-mailman.py</emphasis> script when a mail is delivered to a list."
16048
10120
msgstr ""
16049
10121
16050
10122
#: serverguide/C/mail.xml:940(para)
16051
msgid ""
16052
"Associate the domain lists.example.com to the Mailman transport with the "
16053
"transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
10123
msgid "Associate the domain lists.example.com to the Mailman transport with the transport map. Edit the file <filename>/etc/postfix/transport</filename>:"
16054
10124
msgstr ""
16055
10125
16056
10126
#: serverguide/C/mail.xml:943(programlisting)
16057
10127
#, no-wrap
16058
msgid ""
16059
"\n"
16060
"lists.example.com mailman:\n"
10128
msgid "\nlists.example.com mailman:\n"
16061
10129
msgstr ""
16062
10130
16063
10131
#: serverguide/C/mail.xml:946(para)
16064
msgid ""
16065
"Now have <application>Postfix</application> build the transport map by "
16066
"entering the following from a terminal prompt:"
10132
msgid "Now have <application>Postfix</application> build the transport map by entering the following from a terminal prompt:"
16067
10133
msgstr ""
16068
10134
16069
10135
#: serverguide/C/mail.xml:950(command)
16075
10141
msgstr ""
16076
10142
16077
10143
#: serverguide/C/mail.xml:961(para)
16078
msgid ""
16079
"Once Exim4 is installed, you can start the Exim server using the following "
16080
"command from a terminal prompt:"
10144
msgid "Once Exim4 is installed, you can start the Exim server using the following command from a terminal prompt:"
16081
10145
msgstr ""
16082
10146
16083
10147
#: serverguide/C/mail.xml:977(para) serverguide/C/mail.xml:992(title)
16093
10157
msgstr ""
16094
10158
16095
10159
#: serverguide/C/mail.xml:968(para)
16096
msgid ""
16097
"In order to make mailman work with Exim4, you need to configure Exim4. As "
16098
"mentioned earlier, by default, Exim4 uses multiple configuration files of "
16099
"different types. For details, please refer to the <ulink "
16100
"url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should "
16101
"add new a configuration file to the following configuration types: "
16102
"<placeholder-1/> Exim creates a master configuration file by sorting all "
16103
"these mini configuration files. So, the order of these configuration files "
16104
"is very important."
10160
msgid "In order to make mailman work with Exim4, you need to configure Exim4. As mentioned earlier, by default, Exim4 uses multiple configuration files of different types. For details, please refer to the <ulink url=\"http://www.exim.org\">Exim</ulink> web site. To run mailman, we should add new a configuration file to the following configuration types: <placeholder-1/> Exim creates a master configuration file by sorting all these mini configuration files. So, the order of these configuration files is very important."
16105
10161
msgstr ""
16106
10162
16107
10163
#: serverguide/C/mail.xml:999(programlisting)
16108
10164
#, no-wrap
16109
msgid ""
16110
"\n"
16111
"# start\n"
16112
"# Home dir for your Mailman installation -- aka Mailman's prefix\n"
16113
"# directory.\n"
16114
"# On Ubuntu this should be \"/var/lib/mailman\"\n"
16115
"# This is normally the same as ~mailman\n"
16116
"MM_HOME=/var/lib/mailman\n"
16117
"#\n"
16118
"# User and group for Mailman, should match your --with-mail-gid\n"
16119
"# switch to Mailman's configure script. Value is normally \"mailman\"\n"
16120
"MM_UID=list\n"
16121
"MM_GID=list\n"
16122
"#\n"
16123
"# Domains that your lists are in - colon separated list\n"
16124
"# you may wish to add these into local_domains as well\n"
16125
"domainlist mm_domains=hostname.com\n"
16126
"#\n"
16127
"# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"
16128
"#\n"
16129
"# These values are derived from the ones above and should not need\n"
16130
"# editing unless you have munged your mailman installation\n"
16131
"#\n"
16132
"# The path of the Mailman mail wrapper script\n"
16133
"MM_WRAP=MM_HOME/mail/mailman\n"
16134
"#\n"
16135
"# The path of the list config file (used as a required file when\n"
16136
"# verifying list addresses)\n"
16137
"MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n"
16138
"# end\n"
10165
msgid "\n# start\n# Home dir for your Mailman installation -- aka Mailman's prefix\n# directory.\n# On Ubuntu this should be \"/var/lib/mailman\"\n# This is normally the same as ~mailman\nMM_HOME=/var/lib/mailman\n#\n# User and group for Mailman, should match your --with-mail-gid\n# switch to Mailman's configure script. Value is normally \"mailman\"\nMM_UID=list\nMM_GID=list\n#\n# Domains that your lists are in - colon separated list\n# you may wish to add these into local_domains as well\ndomainlist mm_domains=hostname.com\n#\n# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n#\n# These values are derived from the ones above and should not need\n# editing unless you have munged your mailman installation\n#\n# The path of the Mailman mail wrapper script\nMM_WRAP=MM_HOME/mail/mailman\n#\n# The path of the list config file (used as a required file when\n# verifying list addresses)\nMM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck\n# end\n"
16139
10166
msgstr ""
16140
10167
16141
10168
#: serverguide/C/mail.xml:993(para)
16142
msgid ""
16143
"All the configuration files belonging to the main type are stored in the "
16144
"<filename>/etc/exim4/conf.d/main/</filename> directory. You can add the "
16145
"following content to a new file, named <filename>04_exim4-"
16146
"config_mailman</filename>: <placeholder-1/>"
10169
msgid "All the configuration files belonging to the main type are stored in the <filename>/etc/exim4/conf.d/main/</filename> directory. You can add the following content to a new file, named <filename>04_exim4-config_mailman</filename>: <placeholder-1/>"
16147
10170
msgstr ""
16148
10171
16149
10172
#: serverguide/C/mail.xml:1039(programlisting)
16150
10173
#, no-wrap
16151
msgid ""
16152
"\n"
16153
" mailman_transport:\n"
16154
" driver = pipe\n"
16155
" command = MM_WRAP \\\n"
16156
" '${if def:local_part_suffix \\\n"
16157
" {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} "
16158
"\\\n"
16159
" {post}}' \\\n"
16160
" $local_part\n"
16161
" current_directory = MM_HOME\n"
16162
" home_directory = MM_HOME\n"
16163
" user = MM_UID\n"
16164
" group = MM_GID\n"
10174
msgid "\n mailman_transport:\n driver = pipe\n command = MM_WRAP \\\n '${if def:local_part_suffix \\\n {${sg{$local_part_suffix}{-(\\\\w+)(\\\\+.*)?}{\\$1}}} \\\n {post}}' \\\n $local_part\n current_directory = MM_HOME\n home_directory = MM_HOME\n user = MM_UID\n group = MM_GID\n"
16165
10175
msgstr ""
16166
10176
16167
10177
#: serverguide/C/mail.xml:1033(para)
16168
msgid ""
16169
"All the configuration files belonging to transport type are stored in the "
16170
"<filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the "
16171
"following content to a new file named <filename> 40_exim4-"
16172
"config_mailman</filename>: <placeholder-1/>"
10178
msgid "All the configuration files belonging to transport type are stored in the <filename>/etc/exim4/conf.d/transport/</filename> directory. You can add the following content to a new file named <filename> 40_exim4-config_mailman</filename>: <placeholder-1/>"
16173
10179
msgstr ""
16174
10180
16175
10181
#: serverguide/C/mail.xml:1060(programlisting)
16176
10182
#, no-wrap
16177
msgid ""
16178
"\n"
16179
" mailman_router:\n"
16180
" driver = accept\n"
16181
" require_files = MM_HOME/lists/$local_part/config.pck\n"
16182
" local_part_suffix_optional\n"
16183
" local_part_suffix = -bounces : -bounces+* : \\\n"
16184
" -confirm+* : -join : -leave : \\\n"
16185
" -owner : -request : -admin\n"
16186
" transport = mailman_transport\n"
10183
msgid "\n mailman_router:\n driver = accept\n require_files = MM_HOME/lists/$local_part/config.pck\n local_part_suffix_optional\n local_part_suffix = -bounces : -bounces+* : \\\n -confirm+* : -join : -leave : \\\n -owner : -request : -admin\n transport = mailman_transport\n"
16187
10184
msgstr ""
16188
10185
16189
10186
#: serverguide/C/mail.xml:1056(para)
16190
msgid ""
16191
"All the configuration files belonging to router type are stored in the "
16192
"<filename>/etc/exim4/conf.d/router/</filename> directory. You can add the "
16193
"following content in to a new file named <filename>101_exim4-"
16194
"config_mailman</filename>: <placeholder-1/>"
10187
msgid "All the configuration files belonging to router type are stored in the <filename>/etc/exim4/conf.d/router/</filename> directory. You can add the following content in to a new file named <filename>101_exim4-config_mailman</filename>: <placeholder-1/>"
16195
10188
msgstr ""
16196
10189
16197
10190
#: serverguide/C/mail.xml:1073(para)
16198
msgid ""
16199
"The order of main and transport configuration files can be in any order. "
16200
"But, the order of router configuration files must be the same. This "
16201
"particular file must appear before the <application>200_exim4-"
16202
"config_primary</application> file. These two configuration files contain "
16203
"same type of information. The first file takes the precedence. For more "
16204
"details, please refer to the references section."
10191
msgid "The order of main and transport configuration files can be in any order. But, the order of router configuration files must be the same. This particular file must appear before the <application>200_exim4-config_primary</application> file. These two configuration files contain same type of information. The first file takes the precedence. For more details, please refer to the references section."
16205
10192
msgstr ""
16206
10193
16207
10194
#: serverguide/C/mail.xml:1086(para)
16208
msgid ""
16209
"Once mailman is installed, you can run it using the following command:"
10195
msgid "Once mailman is installed, you can run it using the following command:"
16210
10196
msgstr ""
16211
10197
16212
10198
#: serverguide/C/mail.xml:1090(command)
16214
10200
msgstr ""
16215
10201
16216
10202
#: serverguide/C/mail.xml:1092(para)
16217
msgid ""
16218
"Once mailman is installed, you should create the default mailing list. Run "
16219
"the following command to create the mailing list:"
10203
msgid "Once mailman is installed, you should create the default mailing list. Run the following command to create the mailing list:"
16220
10204
msgstr ""
16221
10205
16222
10206
#: serverguide/C/mail.xml:1098(command)
16225
10209
16226
10210
#: serverguide/C/mail.xml:1101(programlisting)
16227
10211
#, no-wrap
16228
msgid ""
16229
"\n"
16230
" Enter the email address of the person running the list: bhuvan at "
16231
"ubuntu.com\n"
16232
" Initial mailman password:\n"
16233
" To finish creating your mailing list, you must edit your "
16234
"<filename>/etc/aliases</filename> (or\n"
16235
" equivalent) file by adding the following lines, and possibly running the\n"
16236
" `newaliases' program:\n"
16237
"\n"
16238
" ## mailman mailing list\n"
16239
" mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n"
16240
" mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n"
16241
" mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n"
16242
" mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n"
16243
" mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n"
16244
" mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n"
16245
" mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n"
16246
" mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n"
16247
" mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe "
16248
"mailman\"\n"
16249
" mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe "
16250
"mailman\"\n"
16251
"\n"
16252
" Hit enter to notify mailman owner...\n"
16253
"\n"
16254
" # \n"
10212
msgid "\n Enter the email address of the person running the list: bhuvan at ubuntu.com\n Initial mailman password:\n To finish creating your mailing list, you must edit your <filename>/etc/aliases</filename> (or\n equivalent) file by adding the following lines, and possibly running the\n `newaliases' program:\n\n ## mailman mailing list\n mailman: \"|/var/lib/mailman/mail/mailman post mailman\"\n mailman-admin: \"|/var/lib/mailman/mail/mailman admin mailman\"\n mailman-bounces: \"|/var/lib/mailman/mail/mailman bounces mailman\"\n mailman-confirm: \"|/var/lib/mailman/mail/mailman confirm mailman\"\n mailman-join: \"|/var/lib/mailman/mail/mailman join mailman\"\n mailman-leave: \"|/var/lib/mailman/mail/mailman leave mailman\"\n mailman-owner: \"|/var/lib/mailman/mail/mailman owner mailman\"\n mailman-request: \"|/var/lib/mailman/mail/mailman request mailman\"\n mailman-subscribe: \"|/var/lib/mailman/mail/mailman subscribe mailman\"\n mailman-unsubscribe: \"|/var/lib/mailman/mail/mailman unsubscribe mailman\"\n\n Hit enter to notify mailman owner...\n\n # \n"
16255
10213
msgstr ""
16256
10214
16257
10215
#: serverguide/C/mail.xml:1124(para)
16258
msgid ""
16259
"We have configured either Postfix or Exim4 to recognize all emails from "
16260
"mailman. So, it is not mandatory to make any new entries in "
16261
"<filename>/etc/aliases</filename>. If you have made any changes to the "
16262
"configuration files, please ensure that you restart those services before "
16263
"continuing to next section."
10216
msgid "We have configured either Postfix or Exim4 to recognize all emails from mailman. So, it is not mandatory to make any new entries in <filename>/etc/aliases</filename>. If you have made any changes to the configuration files, please ensure that you restart those services before continuing to next section."
16264
10217
msgstr ""
16265
10218
16266
10219
#: serverguide/C/mail.xml:1132(para)
16267
msgid ""
16268
"The Exim4 does not use the above aliases to forward mails to Mailman, as it "
16269
"uses a <emphasis>discover</emphasis> approach. To suppress the aliases while "
16270
"creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman "
16271
"configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
10220
msgid "The Exim4 does not use the above aliases to forward mails to Mailman, as it uses a <emphasis>discover</emphasis> approach. To suppress the aliases while creating the list, you can add <emphasis>MTA=None</emphasis> line in Mailman configuration file, <filename>/etc/mailman/mm_cfg.py</filename>."
16272
10221
msgstr ""
16273
10222
16274
10223
#: serverguide/C/mail.xml:1143(title)
16276
10225
msgstr ""
16277
10226
16278
10227
#: serverguide/C/mail.xml:1144(para)
16279
msgid ""
16280
"We assume you have a default installation. The mailman cgi scripts are still "
16281
"in the <application>/usr/lib/cgi-bin/mailman/</application> directory. "
16282
"Mailman provides a web based administration facility. To access this page, "
16283
"point your browser to the following url:"
10228
msgid "We assume you have a default installation. The mailman cgi scripts are still in the <application>/usr/lib/cgi-bin/mailman/</application> directory. Mailman provides a web based administration facility. To access this page, point your browser to the following url:"
16284
10229
msgstr ""
16285
10230
16286
10231
#: serverguide/C/mail.xml:1152(para)
16288
10233
msgstr ""
16289
10234
16290
10235
#: serverguide/C/mail.xml:1156(para)
16291
msgid ""
16292
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
16293
"screen. If you click the mailing list name, it will ask for your "
16294
"authentication password. If you enter the correct password, you will be able "
16295
"to change administrative settings of this mailing list. You can create a new "
16296
"mailing list using the command line utility "
16297
"(<command>/usr/sbin/newlist</command>). Alternatively, you can create a new "
16298
"mailing list using the web interface."
10236
msgid "The default mailing list, <emphasis>mailman</emphasis>, will appear in this screen. If you click the mailing list name, it will ask for your authentication password. If you enter the correct password, you will be able to change administrative settings of this mailing list. You can create a new mailing list using the command line utility (<command>/usr/sbin/newlist</command>). Alternatively, you can create a new mailing list using the web interface."
16299
10237
msgstr ""
16300
10238
16301
10239
#: serverguide/C/mail.xml:1169(title)
16303
10241
msgstr ""
16304
10242
16305
10243
#: serverguide/C/mail.xml:1170(para)
16306
msgid ""
16307
"Mailman provides a web based interface for users. To access this page, point "
16308
"your browser to the following url:"
10244
msgid "Mailman provides a web based interface for users. To access this page, point your browser to the following url:"
16309
10245
msgstr ""
16310
10246
16311
10247
#: serverguide/C/mail.xml:1175(para)
16313
10249
msgstr ""
16314
10250
16315
10251
#: serverguide/C/mail.xml:1179(para)
16316
msgid ""
16317
"The default mailing list, <emphasis>mailman</emphasis>, will appear in this "
16318
"screen. If you click the mailing list name, it will display the subscription "
16319
"form. You can enter your email address, name (optional), and password to "
16320
"subscribe. An email invitation will be sent to you. You can follow the "
16321
"instructions in the email to subscribe."
10252
msgid "The default mailing list, <emphasis>mailman</emphasis>, will appear in this screen. If you click the mailing list name, it will display the subscription form. You can enter your email address, name (optional), and password to subscribe. An email invitation will be sent to you. You can follow the instructions in the email to subscribe."
16322
10253
msgstr ""
16323
10254
16324
10255
#: serverguide/C/mail.xml:1191(ulink)
16334
10265
msgstr ""
16335
10266
16336
10267
#: serverguide/C/mail.xml:1202(para)
16337
msgid ""
16338
"One of the largest issues with email today is the problem of Unsolicited "
16339
"Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses "
16340
"and other forms of malware. According to some reports these messages make up "
16341
"the bulk of all email traffic on the Internet."
10268
msgid "One of the largest issues with email today is the problem of Unsolicited Bulk Email (UBE). Also known as SPAM, such messages may also carry viruses and other forms of malware. According to some reports these messages make up the bulk of all email traffic on the Internet."
16342
10269
msgstr ""
16343
10270
16344
10271
#: serverguide/C/mail.xml:1207(para)
16345
msgid ""
16346
"This section will cover integrating <application>Amavisd-new</application>, "
16347
"<application>Spamassassin</application>, and "
16348
"<application>ClamAV</application> with the "
16349
"<application>Postfix</application> Mail Transport Agent (MTA). "
16350
"<application>Postfix</application> can also check email validity by passing "
16351
"it through external content filters. These filters can sometimes determine "
16352
"if a message is spam without needing to process it with more resource "
16353
"intensive applications. Two common filters are <application>dkim-"
16354
"filter</application> and <application>python-policyd-spf</application>."
10272
msgid "This section will cover integrating <application>Amavisd-new</application>, <application>Spamassassin</application>, and <application>ClamAV</application> with the <application>Postfix</application> Mail Transport Agent (MTA). <application>Postfix</application> can also check email validity by passing it through external content filters. These filters can sometimes determine if a message is spam without needing to process it with more resource intensive applications. Two common filters are <application>dkim-filter</application> and <application>python-policyd-spf</application>."
16355
10273
msgstr ""
16356
10274
16357
10275
#: serverguide/C/mail.xml:1217(para)
16358
msgid ""
16359
"<application>Amavisd-new</application> is a wrapper program that can call "
16360
"any number of content filtering programs for spam detection, antivirus, etc."
10276
msgid "<application>Amavisd-new</application> is a wrapper program that can call any number of content filtering programs for spam detection, antivirus, etc."
16361
10277
msgstr ""
16362
10278
16363
10279
#: serverguide/C/mail.xml:1223(para)
16364
msgid ""
16365
"<application>Spamassassin</application> uses a variety of mechanisms to "
16366
"filter email based on the message content."
10280
msgid "<application>Spamassassin</application> uses a variety of mechanisms to filter email based on the message content."
16367
10281
msgstr ""
16368
10282
16369
10283
#: serverguide/C/mail.xml:1228(para)
16370
msgid ""
16371
"<application>ClamAV</application> is an open source antivirus application."
10284
msgid "<application>ClamAV</application> is an open source antivirus application."
16372
10285
msgstr ""
16373
10286
16374
10287
#: serverguide/C/mail.xml:1233(para)
16375
msgid ""
16376
"<application>dkim-filter</application> implements a Sendmail Mail Filter "
16377
"(Milter) for the DomainKeys Identified Mail (DKIM) standard."
10288
msgid "<application>dkim-filter</application> implements a Sendmail Mail Filter (Milter) for the DomainKeys Identified Mail (DKIM) standard."
16378
10289
msgstr ""
16379
10290
16380
10291
#: serverguide/C/mail.xml:1239(para)
16381
msgid ""
16382
"<application>python-policyd-spf</application> enables Sender Policy "
16383
"Framework (SPF) checking with <application>Postfix</application>."
10292
msgid "<application>python-policyd-spf</application> enables Sender Policy Framework (SPF) checking with <application>Postfix</application>."
16384
10293
msgstr ""
16385
10294
16386
10295
#: serverguide/C/mail.xml:1244(para)
16392
10301
msgstr ""
16393
10302
16394
10303
#: serverguide/C/mail.xml:1254(para)
16395
msgid ""
16396
"The message is passed through any external filters <application>dkim-"
16397
"filter</application> and <application>python-policyd-spf</application> in "
16398
"this case."
10304
msgid "The message is passed through any external filters <application>dkim-filter</application> and <application>python-policyd-spf</application> in this case."
16399
10305
msgstr ""
16400
10306
16401
10307
#: serverguide/C/mail.xml:1260(para)
16403
10309
msgstr ""
16404
10310
16405
10311
#: serverguide/C/mail.xml:1265(para)
16406
msgid ""
16407
"<application>ClamAV</application> is used to scan the message. If the "
16408
"message contains a virus <application>Postfix</application> will reject the "
16409
"message."
10312
msgid "<application>ClamAV</application> is used to scan the message. If the message contains a virus <application>Postfix</application> will reject the message."
16410
10313
msgstr ""
16411
10314
16412
10315
#: serverguide/C/mail.xml:1271(para)
16413
msgid ""
16414
"Clean messages will then be analyzed by "
16415
"<application>Spamassassin</application> to find out if the message is spam. "
16416
"<application>Spamassassin</application> will then add X-Header lines "
16417
"allowing <application>Amavisd-new</application> to further manipulate the "
16418
"message."
10316
msgid "Clean messages will then be analyzed by <application>Spamassassin</application> to find out if the message is spam. <application>Spamassassin</application> will then add X-Header lines allowing <application>Amavisd-new</application> to further manipulate the message."
16419
10317
msgstr ""
16420
10318
16421
10319
#: serverguide/C/mail.xml:1278(para)
16422
msgid ""
16423
"For example, if a message has a Spam score of over fifty the message could "
16424
"be automatically dropped from the queue without the recipient ever having to "
16425
"be bothered. Another, way to handle flagged messages is to deliver them to "
16426
"the Mail User Agent (MUA) allowing the user to deal with the message as they "
16427
"see fit."
10320
msgid "For example, if a message has a Spam score of over fifty the message could be automatically dropped from the queue without the recipient ever having to be bothered. Another, way to handle flagged messages is to deliver them to the Mail User Agent (MUA) allowing the user to deal with the message as they see fit."
16428
10321
msgstr ""
16429
10322
16430
10323
#: serverguide/C/mail.xml:1285(para)
16431
msgid ""
16432
"See <xref linkend=\"postfix\"/> for instructions on installing and "
16433
"configuring Postfix."
10324
msgid "See <xref linkend=\"postfix\"/> for instructions on installing and configuring Postfix."
16434
10325
msgstr ""
16435
10326
16436
10327
#: serverguide/C/mail.xml:1288(para)
16437
msgid ""
16438
"To install the rest of the applications enter the following from a terminal "
16439
"prompt:"
10328
msgid "To install the rest of the applications enter the following from a terminal prompt:"
16440
10329
msgstr ""
16441
10330
16442
10331
#: serverguide/C/mail.xml:1292(command)
16448
10337
msgstr ""
16449
10338
16450
10339
#: serverguide/C/mail.xml:1295(para)
16451
msgid ""
16452
"There are some optional packages that integrate with "
16453
"<application>Spamassassin</application> for better spam detection:"
10340
msgid "There are some optional packages that integrate with <application>Spamassassin</application> for better spam detection:"
16454
10341
msgstr ""
16455
10342
16456
10343
#: serverguide/C/mail.xml:1299(command)
16458
10345
msgstr ""
16459
10346
16460
10347
#: serverguide/C/mail.xml:1301(para)
16461
msgid ""
16462
"Along with the main filtering applications compression utilities are needed "
16463
"to process some email attachments:"
10348
msgid "Along with the main filtering applications compression utilities are needed to process some email attachments:"
16464
10349
msgstr ""
16465
10350
16466
10351
#: serverguide/C/mail.xml:1305(command)
16467
msgid ""
16468
"sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
10352
msgid "sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip"
16469
10353
msgstr ""
16470
10354
16471
10355
#: serverguide/C/mail.xml:1310(para)
16477
10361
msgstr ""
16478
10362
16479
10363
#: serverguide/C/mail.xml:1315(para)
16480
msgid ""
16481
"The default behaviour of <application>ClamAV</application> will fit our "
16482
"needs. For more ClamAV configuration options, check the configuration files "
16483
"in <filename>/etc/clamav</filename>."
10364
msgid "The default behaviour of <application>ClamAV</application> will fit our needs. For more ClamAV configuration options, check the configuration files in <filename>/etc/clamav</filename>."
16484
10365
msgstr ""
16485
10366
16486
10367
#: serverguide/C/mail.xml:1320(para)
16487
msgid ""
16488
"Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> "
16489
"group in order for <application>Amavisd-new</application> to have the "
16490
"appropriate access to scan files:"
10368
msgid "Add the <emphasis>clamav</emphasis> user to the <emphasis>amavis</emphasis> group in order for <application>Amavisd-new</application> to have the appropriate access to scan files:"
16491
10369
msgstr ""
16492
10370
16493
10371
#: serverguide/C/mail.xml:1325(command)
16499
10377
msgstr ""
16500
10378
16501
10379
#: serverguide/C/mail.xml:1330(para)
16502
msgid ""
16503
"Spamassassin automatically detects optional components and will use them if "
16504
"they are present. This means that there is no need to configure "
16505
"<application>pyzor</application> and <application>razor</application>."
10380
msgid "Spamassassin automatically detects optional components and will use them if they are present. This means that there is no need to configure <application>pyzor</application> and <application>razor</application>."
16506
10381
msgstr ""
16507
10382
16508
10383
#: serverguide/C/mail.xml:1334(para)
16509
msgid ""
16510
"Edit <filename>/etc/default/spamassassin</filename> to activate the "
16511
"<application>Spamassassin</application> daemon. Change "
16512
"<emphasis>ENABLED=0</emphasis> to:"
10384
msgid "Edit <filename>/etc/default/spamassassin</filename> to activate the <application>Spamassassin</application> daemon. Change <emphasis>ENABLED=0</emphasis> to:"
16513
10385
msgstr ""
16514
10386
16515
10387
#: serverguide/C/mail.xml:1338(programlisting)
16516
10388
#, no-wrap
16517
msgid ""
16518
"\n"
16519
"ENABLED=1\n"
10389
msgid "\nENABLED=1\n"
16520
10390
msgstr ""
16521
10391
16522
10392
#: serverguide/C/mail.xml:1341(para)
16532
10402
msgstr ""
16533
10403
16534
10404
#: serverguide/C/mail.xml:1350(para)
16535
msgid ""
16536
"First activate spam and antivirus detection in <application>Amavisd-"
16537
"new</application> by editing <filename>/etc/amavis/conf.d/15-"
16538
"content_filter_mode</filename>:"
10405
msgid "First activate spam and antivirus detection in <application>Amavisd-new</application> by editing <filename>/etc/amavis/conf.d/15-content_filter_mode</filename>:"
16539
10406
msgstr ""
16540
10407
16541
10408
#: serverguide/C/mail.xml:1354(programlisting)
16542
10409
#, no-wrap
16543
msgid ""
16544
"\n"
16545
"use strict;\n"
16546
"\n"
16547
"# You can modify this file to re-enable SPAM checking through spamassassin\n"
16548
"# and to re-enable antivirus checking.\n"
16549
"\n"
16550
"#\n"
16551
"# Default antivirus checking mode\n"
16552
"# Uncomment the two lines below to enable it\n"
16553
"#\n"
16554
"\n"
16555
"@bypass_virus_checks_maps = (\n"
16556
" \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\"
16557
"$bypass_virus_checks_re);\n"
16558
"\n"
16559
"\n"
16560
"#\n"
16561
"# Default SPAM checking mode\n"
16562
"# Uncomment the two lines below to enable it\n"
16563
"#\n"
16564
"\n"
16565
"@bypass_spam_checks_maps = (\n"
16566
" \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\"
16567
"$bypass_spam_checks_re);\n"
16568
"\n"
16569
"1; # insure a defined return\n"
10410
msgid "\nuse strict;\n\n# You can modify this file to re-enable SPAM checking through spamassassin\n# and to re-enable antivirus checking.\n\n#\n# Default antivirus checking mode\n# Uncomment the two lines below to enable it\n#\n\n@bypass_virus_checks_maps = (\n \\%bypass_virus_checks, \\@bypass_virus_checks_acl, \\$bypass_virus_checks_re);\n\n\n#\n# Default SPAM checking mode\n# Uncomment the two lines below to enable it\n#\n\n@bypass_spam_checks_maps = (\n \\%bypass_spam_checks, \\@bypass_spam_checks_acl, \\$bypass_spam_checks_re);\n\n1; # insure a defined return\n"
16570
10411
msgstr ""
16571
10412
16572
10413
#: serverguide/C/mail.xml:1379(para)
16573
msgid ""
16574
"Bouncing spam can be a bad idea as the return address is often faked. "
16575
"Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> "
16576
"to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than "
16577
"D_BOUNCE, as follows:"
10414
msgid "Bouncing spam can be a bad idea as the return address is often faked. Consider editing <filename>/etc/amavis/conf.d/20-debian_defaults</filename> to set <emphasis>$final_spam_destiny</emphasis> to D_DISCARD rather than D_BOUNCE, as follows:"
16578
10415
msgstr ""
16579
10416
16580
10417
#: serverguide/C/mail.xml:1385(programlisting)
16581
10418
#, no-wrap
16582
msgid ""
16583
"\n"
16584
"$final_spam_destiny = D_DISCARD;\n"
10419
msgid "\n$final_spam_destiny = D_DISCARD;\n"
16585
10420
msgstr ""
16586
10421
16587
10422
#: serverguide/C/mail.xml:1389(para)
16588
msgid ""
16589
"Additionally, you may want to adjust the following options to flag more "
16590
"messages as spam:"
10423
msgid "Additionally, you may want to adjust the following options to flag more messages as spam:"
16591
10424
msgstr ""
16592
10425
16593
10426
#: serverguide/C/mail.xml:1393(programlisting)
16594
10427
#, no-wrap
16595
msgid ""
16596
"\n"
16597
"$sa_tag_level_deflt = -999; # add spam info headers if at, or above that "
16598
"level\n"
16599
"$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n"
16600
"$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n"
16601
"$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
10428
msgid "\n$sa_tag_level_deflt = -999; # add spam info headers if at, or above that level\n$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level\n$sa_kill_level_deflt = 21.0; # triggers spam evasive actions\n$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent\n"
16602
10429
msgstr ""
16603
10430
16604
10431
#: serverguide/C/mail.xml:1400(para)
16605
msgid ""
16606
"If the server's <emphasis>hostname</emphasis> is different from the domain's "
16607
"MX record you may need to manually set the <emphasis>$myhostname</emphasis> "
16608
"option. Also, if the server receives mail for multiple domains the "
16609
"<emphasis>@local_domains_acl</emphasis> option will need to be customized. "
16610
"Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
10432
msgid "If the server's <emphasis>hostname</emphasis> is different from the domain's MX record you may need to manually set the <emphasis>$myhostname</emphasis> option. Also, if the server receives mail for multiple domains the <emphasis>@local_domains_acl</emphasis> option will need to be customized. Edit the <filename>/etc/amavis/conf.d/50-user</filename> file:"
16611
10433
msgstr ""
16612
10434
16613
10435
#: serverguide/C/mail.xml:1407(programlisting)
16614
10436
#, no-wrap
16615
msgid ""
16616
"\n"
16617
"$myhostname = 'mail.example.com';\n"
16618
"@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
10437
msgid "\n$myhostname = 'mail.example.com';\n@local_domains_acl = ( \"example.com\", \"example.org\" );\n"
16619
10438
msgstr ""
16620
10439
16621
10440
#: serverguide/C/mail.xml:1412(para)
16622
msgid ""
16623
"After configuration <application>Amavisd-new</application> needs to be "
16624
"restarted:"
10441
msgid "After configuration <application>Amavisd-new</application> needs to be restarted:"
16625
10442
msgstr ""
16626
10443
16627
10444
#: serverguide/C/mail.xml:1416(command) serverguide/C/mail.xml:1462(command)
16633
10450
msgstr ""
16634
10451
16635
10452
#: serverguide/C/mail.xml:1421(para)
16636
msgid ""
16637
"<application>Amavisd-new</application> can be configured to automatically "
16638
"<emphasis>Whitelist</emphasis> addresses from domains with valid Domain "
16639
"Keys. There are some pre-configured domains in the "
16640
"<filename>/etc/amavis/conf.d/40-policy_banks</filename>."
10453
msgid "<application>Amavisd-new</application> can be configured to automatically <emphasis>Whitelist</emphasis> addresses from domains with valid Domain Keys. There are some pre-configured domains in the <filename>/etc/amavis/conf.d/40-policy_banks</filename>."
16641
10454
msgstr ""
16642
10455
16643
10456
#: serverguide/C/mail.xml:1427(para)
16645
10458
msgstr ""
16646
10459
16647
10460
#: serverguide/C/mail.xml:1433(para)
16648
msgid ""
16649
"<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any "
16650
"address from the \"example.com\" domain."
10461
msgid "<emphasis>'example.com' => 'WHITELIST',</emphasis>: will whitelist any address from the \"example.com\" domain."
16651
10462
msgstr ""
16652
10463
16653
10464
#: serverguide/C/mail.xml:1438(para)
16654
msgid ""
16655
"<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any "
16656
"address from any <emphasis>subdomains</emphasis> of \"example.com\" that "
16657
"have a valid signature."
10465
msgid "<emphasis>'.example.com' => 'WHITELIST',</emphasis>: will whitelist any address from any <emphasis>subdomains</emphasis> of \"example.com\" that have a valid signature."
16658
10466
msgstr ""
16659
10467
16660
10468
#: serverguide/C/mail.xml:1444(para)
16661
msgid ""
16662
"<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will "
16663
"whitelist subdomains of \"example.com\" that use the signature of <emphasis "
16664
"role=\"italic\">example.com</emphasis> the parent domain."
10469
msgid "<emphasis>'.example.com/@example.com' => 'WHITELIST',</emphasis>: will whitelist subdomains of \"example.com\" that use the signature of <emphasis role=\"italic\">example.com</emphasis> the parent domain."
16665
10470
msgstr ""
16666
10471
16667
10472
#: serverguide/C/mail.xml:1450(para)
16668
msgid ""
16669
"<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses "
16670
"that have a valid signature from \"example.com\". This is usually used for "
16671
"discussion groups that sign thier messages."
10473
msgid "<emphasis>'./@example.com' => 'WHITELIST',</emphasis>: adds addresses that have a valid signature from \"example.com\". This is usually used for discussion groups that sign thier messages."
16672
10474
msgstr ""
16673
10475
16674
10476
#: serverguide/C/mail.xml:1457(para)
16675
msgid ""
16676
"A domain can also have multiple Whitelist configurations. After, editing the "
16677
"file restart <application>amaisd-new</application>:"
10477
msgid "A domain can also have multiple Whitelist configurations. After, editing the file restart <application>amaisd-new</application>:"
16678
10478
msgstr ""
16679
10479
16680
10480
#: serverguide/C/mail.xml:1466(para)
16681
msgid ""
16682
"In this context, once a domain has been added to the Whitelist the message "
16683
"will not receive any anti-virus or spam filtering. This may or may not be "
16684
"the intended behavior you wish for a domain."
10481
msgid "In this context, once a domain has been added to the Whitelist the message will not receive any anti-virus or spam filtering. This may or may not be the intended behavior you wish for a domain."
16685
10482
msgstr ""
16686
10483
16687
10484
#: serverguide/C/mail.xml:1476(para)
16688
msgid ""
16689
"For <application>Postfix</application> integration, enter the following from "
16690
"a terminal prompt:"
10485
msgid "For <application>Postfix</application> integration, enter the following from a terminal prompt:"
16691
10486
msgstr ""
16692
10487
16693
10488
#: serverguide/C/mail.xml:1480(command)
16695
10490
msgstr ""
16696
10491
16697
10492
#: serverguide/C/mail.xml:1482(para)
16698
msgid ""
16699
"Next edit <filename>/etc/postfix/master.cf</filename> and add the following "
16700
"to the end of the file:"
10493
msgid "Next edit <filename>/etc/postfix/master.cf</filename> and add the following to the end of the file:"
16701
10494
msgstr ""
16702
10495
16703
10496
#: serverguide/C/mail.xml:1485(programlisting)
16704
10497
#, no-wrap
16705
msgid ""
16706
"\n"
16707
"smtp-amavis unix - - - - 2 smtp\n"
16708
" -o smtp_data_done_timeout=1200\n"
16709
" -o smtp_send_xforward_command=yes\n"
16710
" -o disable_dns_lookups=yes\n"
16711
" -o max_use=20\n"
16712
"\n"
16713
"127.0.0.1:10025 inet n - - - - smtpd\n"
16714
" -o content_filter=\n"
16715
" -o local_recipient_maps=\n"
16716
" -o relay_recipient_maps=\n"
16717
" -o smtpd_restriction_classes=\n"
16718
" -o smtpd_delay_reject=no\n"
16719
" -o smtpd_client_restrictions=permit_mynetworks,reject\n"
16720
" -o smtpd_helo_restrictions=\n"
16721
" -o smtpd_sender_restrictions=\n"
16722
" -o smtpd_recipient_restrictions=permit_mynetworks,reject\n"
16723
" -o smtpd_data_restrictions=reject_unauth_pipelining\n"
16724
" -o smtpd_end_of_data_restrictions=\n"
16725
" -o mynetworks=127.0.0.0/8\n"
16726
" -o smtpd_error_sleep_time=0\n"
16727
" -o smtpd_soft_error_limit=1001\n"
16728
" -o smtpd_hard_error_limit=1000\n"
16729
" -o smtpd_client_connection_count_limit=0\n"
16730
" -o smtpd_client_connection_rate_limit=0\n"
16731
" -o "
16732
"receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
10498
msgid "\nsmtp-amavis unix - - - - 2 smtp\n -o smtp_data_done_timeout=1200\n -o smtp_send_xforward_command=yes\n -o disable_dns_lookups=yes\n -o max_use=20\n\n127.0.0.1:10025 inet n - - - - smtpd\n -o content_filter=\n -o local_recipient_maps=\n -o relay_recipient_maps=\n -o smtpd_restriction_classes=\n -o smtpd_delay_reject=no\n -o smtpd_client_restrictions=permit_mynetworks,reject\n -o smtpd_helo_restrictions=\n -o smtpd_sender_restrictions=\n -o smtpd_recipient_restrictions=permit_mynetworks,reject\n -o smtpd_data_restrictions=reject_unauth_pipelining\n -o smtpd_end_of_data_restrictions=\n -o mynetworks=127.0.0.0/8\n -o smtpd_error_sleep_time=0\n -o smtpd_soft_error_limit=1001\n -o smtpd_hard_error_limit=1000\n -o smtpd_client_connection_count_limit=0\n -o smtpd_client_connection_rate_limit=0\n -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks\n"
16733
10499
msgstr ""
16734
10500
16735
10501
#: serverguide/C/mail.xml:1512(para)
16736
msgid ""
16737
"Also add the following two lines immediately below the "
16738
"<emphasis>\"pickup\"</emphasis> transport service:"
10502
msgid "Also add the following two lines immediately below the <emphasis>\"pickup\"</emphasis> transport service:"
16739
10503
msgstr ""
16740
10504
16741
10505
#: serverguide/C/mail.xml:1515(programlisting)
16742
10506
#, no-wrap
16743
msgid ""
16744
"\n"
16745
" -o content_filter=\n"
16746
" -o receive_override_options=no_header_body_checks\n"
10507
msgid "\n -o content_filter=\n -o receive_override_options=no_header_body_checks\n"
16747
10508
msgstr ""
16748
10509
16749
10510
#: serverguide/C/mail.xml:1519(para)
16750
msgid ""
16751
"This will prevent messages that are generated to report on spam from being "
16752
"classified as spam."
10511
msgid "This will prevent messages that are generated to report on spam from being classified as spam."
16753
10512
msgstr ""
16754
10513
16755
10514
#: serverguide/C/mail.xml:1522(para)
16761
10520
msgstr ""
16762
10521
16763
10522
#: serverguide/C/mail.xml:1535(para)
16764
msgid ""
16765
"First, test that the <application>Amavisd-new</application> SMTP is "
16766
"listening:"
10523
msgid "First, test that the <application>Amavisd-new</application> SMTP is listening:"
16767
10524
msgstr ""
16768
10525
16769
10526
#: serverguide/C/mail.xml:1538(programlisting)
16770
10527
#, no-wrap
16771
msgid ""
16772
"\n"
16773
"telnet localhost 10024\n"
16774
"Trying 127.0.0.1...\n"
16775
"Connected to localhost.\n"
16776
"Escape character is '^]'.\n"
16777
"220 [127.0.0.1] ESMTP amavisd-new service ready\n"
16778
"^]\n"
10528
msgid "\ntelnet localhost 10024\nTrying 127.0.0.1...\nConnected to localhost.\nEscape character is '^]'.\n220 [127.0.0.1] ESMTP amavisd-new service ready\n^]\n"
16779
10529
msgstr ""
16780
10530
16781
10531
#: serverguide/C/mail.xml:1546(para)
16782
msgid ""
16783
"In the Header of messages that go through the content filter you should see:"
10532
msgid "In the Header of messages that go through the content filter you should see:"
16784
10533
msgstr ""
16785
10534
16786
10535
#: serverguide/C/mail.xml:1549(programlisting)
16787
10536
#, no-wrap
16788
msgid ""
16789
"\n"
16790
"X-Spam-Level: \n"
16791
"X-Virus-Scanned: Debian amavisd-new at example.com\n"
16792
"X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, "
16793
"BAYES_00\n"
16794
"X-Spam-Level: \n"
10537
msgid "\nX-Spam-Level: \nX-Virus-Scanned: Debian amavisd-new at example.com\nX-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, BAYES_00\nX-Spam-Level: \n"
16795
10538
msgstr ""
16796
10539
16797
10540
#: serverguide/C/mail.xml:1556(para)
16798
msgid ""
16799
"Your output will vary, but the important thing is that there are <emphasis>X-"
16800
"Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
10541
msgid "Your output will vary, but the important thing is that there are <emphasis>X-Virus-Scanned</emphasis> and <emphasis>X-Spam-Status</emphasis> entries."
16801
10542
msgstr ""
16802
10543
16803
10544
#: serverguide/C/mail.xml:1564(para)
16804
msgid ""
16805
"The best way to figure out why something is going wrong is to check the log "
16806
"files."
10545
msgid "The best way to figure out why something is going wrong is to check the log files."
16807
10546
msgstr ""
16808
10547
16809
10548
#: serverguide/C/mail.xml:1569(para)
16810
msgid ""
16811
"For instructions on <application>Postfix</application> logging see the <xref "
16812
"linkend=\"postfix-troubleshooting\"/> section."
10549
msgid "For instructions on <application>Postfix</application> logging see the <xref linkend=\"postfix-troubleshooting\"/> section."
16813
10550
msgstr ""
16814
10551
16815
10552
#: serverguide/C/mail.xml:1575(para)
16816
msgid ""
16817
"<application>Amavisd-new</application> uses "
16818
"<application>Syslog</application> to send messages to "
16819
"<filename>/var/log/mail.log</filename>. The amount of detail can be "
16820
"increased by adding the <emphasis>$log_level</emphasis> option to "
16821
"<filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from "
16822
"1 to 5."
10553
msgid "<application>Amavisd-new</application> uses <application>Syslog</application> to send messages to <filename>/var/log/mail.log</filename>. The amount of detail can be increased by adding the <emphasis>$log_level</emphasis> option to <filename>/etc/amavis/conf.d/50-user</filename>, and setting the value from 1 to 5."
16823
10554
msgstr ""
16824
10555
16825
10556
#: serverguide/C/mail.xml:1580(programlisting)
16826
10557
#, no-wrap
16827
msgid ""
16828
"\n"
16829
"$log_level = 2;\n"
10558
msgid "\n$log_level = 2;\n"
16830
10559
msgstr ""
16831
10560
16832
10561
#: serverguide/C/mail.xml:1584(para)
16833
msgid ""
16834
"When the <application>Amavisd-new</application> log output is increased "
16835
"<application>Spamassassin</application> log output is also increased."
10562
msgid "When the <application>Amavisd-new</application> log output is increased <application>Spamassassin</application> log output is also increased."
16836
10563
msgstr ""
16837
10564
16838
10565
#: serverguide/C/mail.xml:1591(para)
16839
msgid ""
16840
"The <application>ClamAV</application> log level can be increased by editing "
16841
"<filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
10566
msgid "The <application>ClamAV</application> log level can be increased by editing <filename>/etc/clamav/clamd.conf</filename> and setting the following option:"
16842
10567
msgstr ""
16843
10568
16844
10569
#: serverguide/C/mail.xml:1595(programlisting)
16845
10570
#, no-wrap
16846
msgid ""
16847
"\n"
16848
"LogVerbose true\n"
10571
msgid "\nLogVerbose true\n"
16849
10572
msgstr ""
16850
10573
16851
10574
#: serverguide/C/mail.xml:1598(para)
16852
msgid ""
16853
"By default <application>ClamAV</application> will send log messages to "
16854
"<filename>/var/log/clamav/clamav.log</filename>."
10575
msgid "By default <application>ClamAV</application> will send log messages to <filename>/var/log/clamav/clamav.log</filename>."
16855
10576
msgstr ""
16856
10577
16857
10578
#: serverguide/C/mail.xml:1604(para)
16858
msgid ""
16859
"After changing an applications log settings remember to restart the service "
16860
"for the new settings to take affect. Also, once the issue you are "
16861
"troubleshooting is resolved it is a good idea to change the log settings "
16862
"back to normal."
10579
msgid "After changing an applications log settings remember to restart the service for the new settings to take affect. Also, once the issue you are troubleshooting is resolved it is a good idea to change the log settings back to normal."
16863
10580
msgstr ""
16864
10581
16865
10582
#: serverguide/C/mail.xml:1612(para)
16871
10588
msgstr ""
16872
10589
16873
10590
#: serverguide/C/mail.xml:1622(para)
16874
msgid ""
16875
"<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV "
16876
"Documentation</ulink> and <ulink "
16877
"url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
10591
msgid "<ulink url=\"http://www.clamav.org/doc/latest/html/\">ClamAV Documentation</ulink> and <ulink url=\"http://wiki.clamav.net/Main/WebHome\">ClamAV Wiki</ulink>"
16878
10592
msgstr ""
16879
10593
16880
10594
#: serverguide/C/mail.xml:1629(ulink)
16894
10608
msgstr ""
16895
10609
16896
10610
#: serverguide/C/mail.xml:1648(para)
16897
msgid ""
16898
"Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> "
16899
"IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
10611
msgid "Also, feel free to ask questions in the <emphasis>#ubuntu-server</emphasis> IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
16900
10612
msgstr ""
16901
10613
16902
10614
#: serverguide/C/lamp-applications.xml:13(title)
16904
10616
msgstr ""
16905
10617
16906
10618
#: serverguide/C/lamp-applications.xml:19(para)
16907
msgid ""
16908
"LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for "
16909
"Ubuntu servers. There is a plethora of Open Source applications written "
16910
"using the LAMP application stack. Some popular LAMP applications are Wiki's, "
16911
"Content Management Systems, and Management Software such as phpMyAdmin."
10619
msgid "LAMP installations (Linux + Apache + MySQL + PHP) are a popular setup for Ubuntu servers. There is a plethora of Open Source applications written using the LAMP application stack. Some popular LAMP applications are Wiki's, Content Management Systems, and Management Software such as phpMyAdmin."
16912
10620
msgstr ""
16913
10621
16914
10622
#: serverguide/C/lamp-applications.xml:26(para)
16915
msgid ""
16916
"One advantage of LAMP is the substantial flexibility for different database, "
16917
"web server, and scripting languages. Popular substitutes for MySQL include "
16918
"Posgresql and SQLite. Python, Perl, and Ruby are also frequently used "
16919
"instead of PHP."
10623
msgid "One advantage of LAMP is the substantial flexibility for different database, web server, and scripting languages. Popular substitutes for MySQL include Posgresql and SQLite. Python, Perl, and Ruby are also frequently used instead of PHP."
16920
10624
msgstr ""
16921
10625
16922
10626
#: serverguide/C/lamp-applications.xml:32(para)
16923
msgid ""
16924
"The traditional way to install most <emphasis>LAMP</emphasis> applications "
16925
"is:"
10627
msgid "The traditional way to install most <emphasis>LAMP</emphasis> applications is:"
16926
10628
msgstr ""
16927
10629
16928
10630
#: serverguide/C/lamp-applications.xml:38(para)
16930
10632
msgstr ""
16931
10633
16932
10634
#: serverguide/C/lamp-applications.xml:43(para)
16933
msgid ""
16934
"Unpack the archive, usually in a directory accessible to a web server."
10635
msgid "Unpack the archive, usually in a directory accessible to a web server."
16935
10636
msgstr ""
16936
10637
16937
10638
#: serverguide/C/lamp-applications.xml:48(para)
16938
msgid ""
16939
"Depending on where the source was extracted, configure a web browser to "
16940
"serve the files."
10639
msgid "Depending on where the source was extracted, configure a web browser to serve the files."
16941
10640
msgstr ""
16942
10641
16943
10642
#: serverguide/C/lamp-applications.xml:53(para)
16945
10644
msgstr ""
16946
10645
16947
10646
#: serverguide/C/lamp-applications.xml:58(para)
16948
msgid ""
16949
"Run a script, or browse to a page of the application, to install the "
16950
"database needed by the application."
10647
msgid "Run a script, or browse to a page of the application, to install the database needed by the application."
16951
10648
msgstr ""
16952
10649
16953
10650
#: serverguide/C/lamp-applications.xml:63(para)
16954
msgid ""
16955
"Once the steps above, or similar steps, are completed you are ready to begin "
16956
"using the application."
10651
msgid "Once the steps above, or similar steps, are completed you are ready to begin using the application."
16957
10652
msgstr ""
16958
10653
16959
10654
#: serverguide/C/lamp-applications.xml:69(para)
16960
msgid ""
16961
"A disadvantage of using this approach is that the application files are not "
16962
"placed in the file system in a standard way, which can cause confusion as to "
16963
"where the application is installed. Another larger disadvantage is updating "
16964
"the application. When a new version is released, the same process used to "
16965
"install the application is needed to apply updates."
10655
msgid "A disadvantage of using this approach is that the application files are not placed in the file system in a standard way, which can cause confusion as to where the application is installed. Another larger disadvantage is updating the application. When a new version is released, the same process used to install the application is needed to apply updates."
16966
10656
msgstr ""
16967
10657
16968
10658
#: serverguide/C/lamp-applications.xml:76(para)
16969
msgid ""
16970
"Fortunately, a number of <emphasis>LAMP</emphasis> applications are already "
16971
"packaged for Ubuntu, and are available for installation in the same way as "
16972
"non-LAMP applications. Depending on the application some extra configuration "
16973
"and setup steps may be needed, however."
10659
msgid "Fortunately, a number of <emphasis>LAMP</emphasis> applications are already packaged for Ubuntu, and are available for installation in the same way as non-LAMP applications. Depending on the application some extra configuration and setup steps may be needed, however."
16974
10660
msgstr ""
16975
10661
16976
10662
#: serverguide/C/lamp-applications.xml:82(para)
16977
msgid ""
16978
"This section covers howto install and configure the Wiki applications "
16979
"<application>MoinMoin</application>, <application>MediaWiki</application>, "
16980
"and the MySQL management application <application>phpMyAdmin</application>."
10663
msgid "This section covers howto install and configure the Wiki applications <application>MoinMoin</application>, <application>MediaWiki</application>, and the MySQL management application <application>phpMyAdmin</application>."
16981
10664
msgstr ""
16982
10665
16983
10666
#: serverguide/C/lamp-applications.xml:88(para)
16984
msgid ""
16985
"A Wiki is a website that allows the visitors to easily add, remove and "
16986
"modify available content easily. The ease of interaction and operation makes "
16987
"Wiki an effective tool for mass collaborative authoring. The term Wiki is "
16988
"also referred to the collaborative software."
10667
msgid "A Wiki is a website that allows the visitors to easily add, remove and modify available content easily. The ease of interaction and operation makes Wiki an effective tool for mass collaborative authoring. The term Wiki is also referred to the collaborative software."
16989
10668
msgstr ""
16990
10669
16991
10670
#: serverguide/C/lamp-applications.xml:100(title)
16993
10672
msgstr ""
16994
10673
16995
10674
#: serverguide/C/lamp-applications.xml:102(para)
16996
msgid ""
16997
"MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki "
16998
"engine, and licensed under the GNU GPL."
10675
msgid "MoinMoin is a Wiki engine implemented in Python, based on the PikiPiki Wiki engine, and licensed under the GNU GPL."
16999
10676
msgstr ""
17000
10677
17001
10678
#: serverguide/C/lamp-applications.xml:110(para)
17002
msgid ""
17003
"To install <application>MoinMoin</application>, run the following command in "
17004
"the command prompt:"
10679
msgid "To install <application>MoinMoin</application>, run the following command in the command prompt:"
17005
10680
msgstr ""
17006
10681
17007
10682
#: serverguide/C/lamp-applications.xml:116(command)
17009
10684
msgstr ""
17010
10685
17011
10686
#: serverguide/C/lamp-applications.xml:119(para)
17012
msgid ""
17013
"You should also install <application>apache2</application> web server. For "
17014
"installing <application>apache2</application> web server, please refer to "
17015
"<xref linkend=\"http-installation\"/> sub-section in <xref "
17016
"linkend=\"httpd\"/> section."
10687
msgid "You should also install <application>apache2</application> web server. For installing <application>apache2</application> web server, please refer to <xref linkend=\"http-installation\"/> sub-section in <xref linkend=\"httpd\"/> section."
17017
10688
msgstr ""
17018
10689
17019
10690
#: serverguide/C/lamp-applications.xml:130(para)
17020
msgid ""
17021
"For configuring your first Wiki application, please run the following set of "
17022
"commands. Let us assume that you are creating a Wiki named "
17023
"<emphasis>mywiki</emphasis>:"
10691
msgid "For configuring your first Wiki application, please run the following set of commands. Let us assume that you are creating a Wiki named <emphasis>mywiki</emphasis>:"
17024
10692
msgstr ""
17025
10693
17026
10694
#: serverguide/C/lamp-applications.xml:137(command)
17056
10724
msgstr ""
17057
10725
17058
10726
#: serverguide/C/lamp-applications.xml:147(para)
17059
msgid ""
17060
"Now you should configure <application>MoinMoin</application> to find your "
17061
"new Wiki <emphasis>mywiki</emphasis>. To configure "
17062
"<application>MoinMoin</application>, open "
17063
"<filename>/etc/moin/mywiki.py</filename> file and change the following line:"
10727
msgid "Now you should configure <application>MoinMoin</application> to find your new Wiki <emphasis>mywiki</emphasis>. To configure <application>MoinMoin</application>, open <filename>/etc/moin/mywiki.py</filename> file and change the following line:"
17064
10728
msgstr ""
17065
10729
17066
10730
#: serverguide/C/lamp-applications.xml:155(programlisting)
17078
10742
msgstr ""
17079
10743
17080
10744
#: serverguide/C/lamp-applications.xml:163(para)
17081
msgid ""
17082
"Also, below the <emphasis>data_dir</emphasis> option add the "
17083
"<emphasis>data_underlay_dir</emphasis>:"
10745
msgid "Also, below the <emphasis>data_dir</emphasis> option add the <emphasis>data_underlay_dir</emphasis>:"
17084
10746
msgstr ""
17085
10747
17086
10748
#: serverguide/C/lamp-applications.xml:167(programlisting)
17087
10749
#, no-wrap
17088
msgid ""
17089
"\n"
17090
"data_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
10750
msgid "\ndata_underlay_dir='/usr/share/moin/mywiki/underlay'\n"
17091
10751
msgstr ""
17092
10752
17093
10753
#: serverguide/C/lamp-applications.xml:172(para)
17094
msgid ""
17095
"If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you "
17096
"should copy <filename>/etc/moin/moinmaster.py</filename> file to "
17097
"<filename>/etc/moin/mywiki.py</filename> file and do the above mentioned "
17098
"change."
10754
msgid "If the <filename>/etc/moin/mywiki.py</filename> file does not exists, you should copy <filename>/etc/moin/moinmaster.py</filename> file to <filename>/etc/moin/mywiki.py</filename> file and do the above mentioned change."
17099
10755
msgstr ""
17100
10756
17101
10757
#: serverguide/C/lamp-applications.xml:181(para)
17102
msgid ""
17103
"If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should "
17104
"insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in "
17105
"<filename>/etc/moin/farmconfig.py</filename> file after the line "
17106
"<quote>(\"mywiki\", r\".*\")</quote>."
10758
msgid "If you have named your Wiki as <emphasis>my_wiki_name</emphasis> you should insert a line <quote>(\"my_wiki_name\", r\".*\")</quote> in <filename>/etc/moin/farmconfig.py</filename> file after the line <quote>(\"mywiki\", r\".*\")</quote>."
17107
10759
msgstr ""
17108
10760
17109
10761
#: serverguide/C/lamp-applications.xml:189(para)
17110
msgid ""
17111
"Once you have configured <application>MoinMoin</application> to find your "
17112
"first Wiki application <emphasis>mywiki</emphasis>, you should configure "
17113
"<application>apache2</application> and make it ready for your Wiki "
17114
"application."
10762
msgid "Once you have configured <application>MoinMoin</application> to find your first Wiki application <emphasis>mywiki</emphasis>, you should configure <application>apache2</application> and make it ready for your Wiki application."
17115
10763
msgstr ""
17116
10764
17117
10765
#: serverguide/C/lamp-applications.xml:196(para)
17118
msgid ""
17119
"You should add the following lines in <filename>/etc/apache2/sites-"
17120
"available/default</filename> file inside the <quote><VirtualHost "
17121
"*></quote> tag:"
10766
msgid "You should add the following lines in <filename>/etc/apache2/sites-available/default</filename> file inside the <quote><VirtualHost *></quote> tag:"
17122
10767
msgstr ""
17123
10768
17124
10769
#: serverguide/C/lamp-applications.xml:202(programlisting)
17125
10770
#, no-wrap
17126
msgid ""
17127
"\n"
17128
"### moin\n"
17129
" ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n"
17130
" alias /moin_static184 \"/usr/share/moin/htdocs\"\n"
17131
" <Directory /usr/share/moin/htdocs>\n"
17132
" Order allow,deny\n"
17133
" allow from all\n"
17134
" </Directory>\n"
17135
"### end moin\n"
10771
msgid "\n### moin\n ScriptAlias /mywiki \"/usr/share/moin/mywiki/moin.cgi\"\n alias /moin_static184 \"/usr/share/moin/htdocs\"\n <Directory /usr/share/moin/htdocs>\n Order allow,deny\n allow from all\n </Directory>\n### end moin\n"
17136
10772
msgstr ""
17137
10773
17138
10774
#: serverguide/C/lamp-applications.xml:214(para)
17139
msgid ""
17140
"Adjust the <emphasis>\"moin_static184\"</emphasis> in the "
17141
"<emphasis>alias</emphasis> line above, to the "
17142
"<application>moinmoin</application> version installed."
10775
msgid "Adjust the <emphasis>\"moin_static184\"</emphasis> in the <emphasis>alias</emphasis> line above, to the <application>moinmoin</application> version installed."
17143
10776
msgstr ""
17144
10777
17145
10778
#: serverguide/C/lamp-applications.xml:220(para)
17146
msgid ""
17147
"Once you configure the <application>apache2</application> web server and "
17148
"make it ready for your Wiki application, you should restart it. You can run "
17149
"the following command to restart the <application>apache2</application> web "
17150
"server:"
10779
msgid "Once you configure the <application>apache2</application> web server and make it ready for your Wiki application, you should restart it. You can run the following command to restart the <application>apache2</application> web server:"
17151
10780
msgstr ""
17152
10781
17153
10782
#: serverguide/C/lamp-applications.xml:233(title)
17155
10784
msgstr ""
17156
10785
17157
10786
#: serverguide/C/lamp-applications.xml:235(para)
17158
msgid ""
17159
"You can verify the Wiki application and see if it works by pointing your web "
17160
"browser to the following URL:"
10787
msgid "You can verify the Wiki application and see if it works by pointing your web browser to the following URL:"
17161
10788
msgstr ""
17162
10789
17163
10790
#: serverguide/C/lamp-applications.xml:239(programlisting)
17164
10791
#, no-wrap
17165
msgid ""
17166
"\n"
17167
"http://localhost/mywiki\n"
10792
msgid "\nhttp://localhost/mywiki\n"
17168
10793
msgstr ""
17169
10794
17170
10795
#: serverguide/C/lamp-applications.xml:243(para)
17171
msgid ""
17172
"You can also run the test command by pointing your web browser to the "
17173
"following URL:"
10796
msgid "You can also run the test command by pointing your web browser to the following URL:"
17174
10797
msgstr ""
17175
10798
17176
10799
#: serverguide/C/lamp-applications.xml:248(programlisting)
17177
10800
#, no-wrap
17178
msgid ""
17179
"\n"
17180
"http://localhost/mywiki?action=test\n"
10801
msgid "\nhttp://localhost/mywiki?action=test\n"
17181
10802
msgstr ""
17182
10803
17183
10804
#: serverguide/C/lamp-applications.xml:252(para)
17184
msgid ""
17185
"For more details, please refer to the <ulink "
17186
"url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
10805
msgid "For more details, please refer to the <ulink url=\"http://moinmo.in/\">MoinMoin</ulink> web site."
17187
10806
msgstr ""
17188
10807
17189
10808
#: serverguide/C/lamp-applications.xml:263(para)
17190
msgid ""
17191
"For more information see the <ulink url=\"http://moinmo.in/\">moinmoin "
17192
"Wiki</ulink>."
10809
msgid "For more information see the <ulink url=\"http://moinmo.in/\">moinmoin Wiki</ulink>."
17193
10810
msgstr ""
17194
10811
17195
10812
#: serverguide/C/lamp-applications.xml:272(title)
17197
10814
msgstr ""
17198
10815
17199
10816
#: serverguide/C/lamp-applications.xml:274(para)
17200
msgid ""
17201
"MediaWiki is an web based Wiki software written in the PHP language. It can "
17202
"either use <application>MySQL</application> or "
17203
"<application>PostgreSQL</application> Database Management System."
10817
msgid "MediaWiki is an web based Wiki software written in the PHP language. It can either use <application>MySQL</application> or <application>PostgreSQL</application> Database Management System."
17204
10818
msgstr ""
17205
10819
17206
10820
#: serverguide/C/lamp-applications.xml:284(para)
17207
msgid ""
17208
"Before installing <application>MediaWiki</application> you should also "
17209
"install <application>Apache2</application>, the "
17210
"<application>PHP5</application> scripting language and Database a Management "
17211
"System. <application>MySQL</application> or "
17212
"<application>PostgreSQL</application> are the most common, choose one "
17213
"depending on your need. Please refer to those sections in this manual for "
17214
"installation instructions."
10821
msgid "Before installing <application>MediaWiki</application> you should also install <application>Apache2</application>, the <application>PHP5</application> scripting language and Database a Management System. <application>MySQL</application> or <application>PostgreSQL</application> are the most common, choose one depending on your need. Please refer to those sections in this manual for installation instructions."
17215
10822
msgstr ""
17216
10823
17217
10824
#: serverguide/C/lamp-applications.xml:292(para)
17218
msgid ""
17219
"To install <application>MediaWiki</application>, run the following command "
17220
"in the command prompt:"
10825
msgid "To install <application>MediaWiki</application>, run the following command in the command prompt:"
17221
10826
msgstr ""
17222
10827
17223
10828
#: serverguide/C/lamp-applications.xml:298(command)
17225
10830
msgstr ""
17226
10831
17227
10832
#: serverguide/C/lamp-applications.xml:301(para)
17228
msgid ""
17229
"For additional <application>MediaWiki</application> functionality see the "
17230
"<application>mediawiki-extensions</application> package."
10833
msgid "For additional <application>MediaWiki</application> functionality see the <application>mediawiki-extensions</application> package."
17231
10834
msgstr ""
17232
10835
17233
10836
#: serverguide/C/lamp-applications.xml:311(para)
17234
msgid ""
17235
"The Apache configuration file <filename>mediawiki.conf</filename> for "
17236
"MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> "
17237
"directory. You should uncomment the following line in this file to access "
17238
"MediaWiki application."
10837
msgid "The Apache configuration file <filename>mediawiki.conf</filename> for MediaWiki is installed in <filename>/etc/apache2/conf.d/</filename> directory. You should uncomment the following line in this file to access MediaWiki application."
17239
10838
msgstr ""
17240
10839
17241
10840
#: serverguide/C/lamp-applications.xml:319(screen)
17242
10841
#, no-wrap
17243
msgid ""
17244
"\n"
17245
"# Alias /mediawiki /var/lib/mediawiki\n"
10842
msgid "\n# Alias /mediawiki /var/lib/mediawiki\n"
17246
10843
msgstr ""
17247
10844
17248
10845
#: serverguide/C/lamp-applications.xml:323(para)
17249
msgid ""
17250
"After you uncomment the above line, restart Apache server and access "
17251
"MediaWiki using the following url:"
10846
msgid "After you uncomment the above line, restart Apache server and access MediaWiki using the following url:"
17252
10847
msgstr ""
17253
10848
17254
10849
#: serverguide/C/lamp-applications.xml:328(programlisting)
17255
10850
#, no-wrap
17256
msgid ""
17257
"\n"
17258
"http://localhost/mediawiki/config/index.php\n"
10851
msgid "\nhttp://localhost/mediawiki/config/index.php\n"
17259
10852
msgstr ""
17260
10853
17261
10854
#: serverguide/C/lamp-applications.xml:333(para)
17262
msgid ""
17263
"Please read the <quote>Checking environment...</quote> section in this page. "
17264
"You should be able to fix many issues by carefully reading this section."
10855
msgid "Please read the <quote>Checking environment...</quote> section in this page. You should be able to fix many issues by carefully reading this section."
17265
10856
msgstr ""
17266
10857
17267
10858
#: serverguide/C/lamp-applications.xml:340(para)
17268
msgid ""
17269
"Once the configuration is complete, you should copy the "
17270
"<filename>/var/lib/mediawiki/LocalSettings.php</filename> file to "
17271
"<filename>/etc/mediawiki</filename> directory."
10859
msgid "Once the configuration is complete, you should copy the <filename>/var/lib/mediawiki/LocalSettings.php</filename> file to <filename>/etc/mediawiki</filename> directory."
17272
10860
msgstr ""
17273
10861
17274
10862
#: serverguide/C/lamp-applications.xml:348(title)
17276
10864
msgstr ""
17277
10865
17278
10866
#: serverguide/C/lamp-applications.xml:349(para)
17279
msgid ""
17280
"The extensions add new features and enhancements for the MediaWiki "
17281
"application. The extensions give wiki administrators and end users the "
17282
"ability to customize MediaWiki to their requirements."
10867
msgid "The extensions add new features and enhancements for the MediaWiki application. The extensions give wiki administrators and end users the ability to customize MediaWiki to their requirements."
17283
10868
msgstr ""
17284
10869
17285
10870
#: serverguide/C/lamp-applications.xml:355(para)
17286
msgid ""
17287
"You can download MediaWiki extensions as an archive file or checkout from "
17288
"the Subversion repository. You should copy it to "
17289
"<filename>/var/lib/mediawiki/extensions</filename> directory. You should "
17290
"also add the following line at the end of file: "
17291
"<filename>/etc/mediawiki/LocalSettings.php</filename>."
10871
msgid "You can download MediaWiki extensions as an archive file or checkout from the Subversion repository. You should copy it to <filename>/var/lib/mediawiki/extensions</filename> directory. You should also add the following line at the end of file: <filename>/etc/mediawiki/LocalSettings.php</filename>."
17292
10872
msgstr ""
17293
10873
17294
10874
#: serverguide/C/lamp-applications.xml:363(programlisting)
17295
10875
#, no-wrap
17296
msgid ""
17297
"\n"
17298
"require_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
10876
msgid "\nrequire_once \"$IP/extensions/ExtentionName/ExtentionName.php\";\n"
17299
10877
msgstr ""
17300
10878
17301
10879
#: serverguide/C/lamp-applications.xml:373(para)
17302
msgid ""
17303
"For more details, please refer to the <ulink "
17304
"url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
10880
msgid "For more details, please refer to the <ulink url=\"http://www.mediawiki.org\">MediaWiki</ulink> web site."
17305
10881
msgstr ""
17306
10882
17307
10883
#: serverguide/C/lamp-applications.xml:379(para)
17308
msgid ""
17309
"The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki "
17310
"Administrators’ Tutorial Guide</ulink> contains a wealth of information for "
17311
"new MediaWiki administrators."
10884
msgid "The <ulink url=\"http://www.packtpub.com/Mediawiki/book\">MediaWiki Administrators’ Tutorial Guide</ulink> contains a wealth of information for new MediaWiki administrators."
17312
10885
msgstr ""
17313
10886
17314
10887
#: serverguide/C/lamp-applications.xml:389(title)
17316
10889
msgstr ""
17317
10890
17318
10891
#: serverguide/C/lamp-applications.xml:391(para)
17319
msgid ""
17320
"<application>phpMyAdmin</application> is a LAMP application specifically "
17321
"written for administering <application>MySQL</application> servers. Written "
17322
"in <application>PHP</application>, and accessed through a web browser, "
17323
"phpMyAdmin provides a graphical interface for database administration tasks."
10892
msgid "<application>phpMyAdmin</application> is a LAMP application specifically written for administering <application>MySQL</application> servers. Written in <application>PHP</application>, and accessed through a web browser, phpMyAdmin provides a graphical interface for database administration tasks."
17324
10893
msgstr ""
17325
10894
17326
10895
#: serverguide/C/lamp-applications.xml:400(para)
17327
msgid ""
17328
"Before installing <application>phpMyAdmin</application> you will need access "
17329
"to a <application>MySQL</application> database either on the same host as "
17330
"that phpMyAdmin is installed on, or on a host accessible over the network. "
17331
"For more information see <xref linkend=\"mysql\"/>. From a terminal prompt "
17332
"enter:"
10896
msgid "Before installing <application>phpMyAdmin</application> you will need access to a <application>MySQL</application> database either on the same host as that phpMyAdmin is installed on, or on a host accessible over the network. For more information see <xref linkend=\"mysql\"/>. From a terminal prompt enter:"
17333
10897
msgstr ""
17334
10898
17335
10899
#: serverguide/C/lamp-applications.xml:407(command)
17337
10901
msgstr ""
17338
10902
17339
10903
#: serverguide/C/lamp-applications.xml:410(para)
17340
msgid ""
17341
"At the prompt choose which web server to be configured for "
17342
"<application>phpMyAdmin</application>. The rest of this section will use "
17343
"<application>Apache2</application> for the web server."
10904
msgid "At the prompt choose which web server to be configured for <application>phpMyAdmin</application>. The rest of this section will use <application>Apache2</application> for the web server."
17344
10905
msgstr ""
17345
10906
17346
10907
#: serverguide/C/lamp-applications.xml:415(para)
17347
msgid ""
17348
"In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, "
17349
"replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's "
17350
"actual hostname. At the login, page enter <emphasis>root</emphasis> for the "
17351
"<emphasis>username</emphasis>, or another <application>MySQL</application> "
17352
"user if you any setup, and enter the <application>MySQL</application> user's "
17353
"password."
10908
msgid "In a browser go to <emphasis>http://servername/phpmyadmin</emphasis>, replacing <emphasis role=\"italic\">serveranme</emphasis> with the server's actual hostname. At the login, page enter <emphasis>root</emphasis> for the <emphasis>username</emphasis>, or another <application>MySQL</application> user if you any setup, and enter the <application>MySQL</application> user's password."
17354
10909
msgstr ""
17355
10910
17356
10911
#: serverguide/C/lamp-applications.xml:422(para)
17357
msgid ""
17358
"Once logged in you can reset the <emphasis>root</emphasis> password if "
17359
"needed, create users, create/destroy databases and tables, etc."
10912
msgid "Once logged in you can reset the <emphasis>root</emphasis> password if needed, create users, create/destroy databases and tables, etc."
17360
10913
msgstr ""
17361
10914
17362
10915
#: serverguide/C/lamp-applications.xml:430(para)
17363
msgid ""
17364
"The configuration files for <application>phpMyAdmin</application> are "
17365
"located in <filename>/etc/phpmyadmin</filename>. The main configuration file "
17366
"is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains "
17367
"configuration options that apply globally to "
17368
"<application>phpMyAdmin</application>."
10916
msgid "The configuration files for <application>phpMyAdmin</application> are located in <filename>/etc/phpmyadmin</filename>. The main configuration file is <filename>/etc/phpmyadmin/config.inc.php</filename>. This file contains configuration options that apply globally to <application>phpMyAdmin</application>."
17369
10917
msgstr ""
17370
10918
17371
10919
#: serverguide/C/lamp-applications.xml:436(para)
17372
msgid ""
17373
"To use <application>phpMyAdmin</application> to administer a MySQL database "
17374
"hosted on another server, adjust the following in "
17375
"<filename>/etc/phpmyadmin/config.inc.php</filename>:"
10920
msgid "To use <application>phpMyAdmin</application> to administer a MySQL database hosted on another server, adjust the following in <filename>/etc/phpmyadmin/config.inc.php</filename>:"
17376
10921
msgstr ""
17377
10922
17378
10923
#: serverguide/C/lamp-applications.xml:441(programlisting)
17379
10924
#, no-wrap
17380
msgid ""
17381
"\n"
17382
"$cfg['Servers'][$i]['host'] = 'db_server';\n"
10925
msgid "\n$cfg['Servers'][$i]['host'] = 'db_server';\n"
17383
10926
msgstr ""
17384
10927
17385
10928
#: serverguide/C/lamp-applications.xml:446(para)
17386
msgid ""
17387
"Replace <emphasis role=\"italic\">db_server</emphasis> with the actual "
17388
"remote database server name or IP address. Also, be sure that the "
17389
"<application>phpMyAdmin</application> host has permissions to access the "
17390
"remote database."
10929
msgid "Replace <emphasis role=\"italic\">db_server</emphasis> with the actual remote database server name or IP address. Also, be sure that the <application>phpMyAdmin</application> host has permissions to access the remote database."
17391
10930
msgstr ""
17392
10931
17393
10932
#: serverguide/C/lamp-applications.xml:452(para)
17394
msgid ""
17395
"Once configured, log out of <application>phpMyAdmin</application> and back "
17396
"in, and you should be accessing the new server."
10933
msgid "Once configured, log out of <application>phpMyAdmin</application> and back in, and you should be accessing the new server."
17397
10934
msgstr ""
17398
10935
17399
10936
#: serverguide/C/lamp-applications.xml:456(para)
17400
msgid ""
17401
"The <filename>config.header.inc.php</filename> and "
17402
"<filename>config.footer.inc.php</filename> files are used to add a HTML "
17403
"header and footer to <application>phpMyAdmin</application>."
10937
msgid "The <filename>config.header.inc.php</filename> and <filename>config.footer.inc.php</filename> files are used to add a HTML header and footer to <application>phpMyAdmin</application>."
17404
10938
msgstr ""
17405
10939
17406
10940
#: serverguide/C/lamp-applications.xml:461(para)
17407
msgid ""
17408
"Another important configuration file is "
17409
"<filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to "
17410
"<filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to "
17411
"configure <application>Apache2</application> to serve the "
17412
"<application>phpMyAdmin</application> site. The file contains directives for "
17413
"loading <application>PHP</application>, directory permissions, etc. For more "
17414
"information on configuring <application>Apache2</application> see <xref "
17415
"linkend=\"httpd\"/>."
10941
msgid "Another important configuration file is <filename>/etc/phpmyadmin/apache.conf</filename>, this file is symlinked to <filename>/etc/apache2/conf.d/phpmyadmin.conf</filename>, and is used to configure <application>Apache2</application> to serve the <application>phpMyAdmin</application> site. The file contains directives for loading <application>PHP</application>, directory permissions, etc. For more information on configuring <application>Apache2</application> see <xref linkend=\"httpd\"/>."
17416
10942
msgstr ""
17417
10943
17418
10944
#: serverguide/C/lamp-applications.xml:475(para)
17419
msgid ""
17420
"The <application>phpMyAdmin</application> documentation comes installed with "
17421
"the package and can be accessed from the <emphasis>phpMyAdmin "
17422
"Documentation</emphasis> link (a question mark with a box around it) under "
17423
"the phpMyAdmin logo. The official docs can also be access on the <ulink "
17424
"url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
10945
msgid "The <application>phpMyAdmin</application> documentation comes installed with the package and can be accessed from the <emphasis>phpMyAdmin Documentation</emphasis> link (a question mark with a box around it) under the phpMyAdmin logo. The official docs can also be access on the <ulink url=\"http://www.phpmyadmin.net/home_page/docs.php\">phpMyAdmin</ulink> site."
17425
10946
msgstr ""
17426
10947
17427
10948
#: serverguide/C/lamp-applications.xml:482(para)
17428
msgid ""
17429
"Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-"
17430
"edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
10949
msgid "Also, <ulink url=\"http://www.packtpub.com/phpmyadmin-3rd-edition/book\">Mastering phpMyAdmin</ulink> is a great resource."
17431
10950
msgstr ""
17432
10951
17433
10952
#: serverguide/C/introduction.xml:14(para)
17435
10954
msgstr ""
17436
10955
17437
10956
#: serverguide/C/introduction.xml:15(para)
17438
msgid ""
17439
"Here you can find information on how to install and configure various server "
17440
"applications. It is a step-by-step, task-oriented guide for configuring and "
17441
"customizing your system."
10957
msgid "Here you can find information on how to install and configure various server applications. It is a step-by-step, task-oriented guide for configuring and customizing your system."
17442
10958
msgstr ""
17443
10959
17444
10960
#: serverguide/C/introduction.xml:19(para)
17445
msgid ""
17446
"This guide assumes you have a basic understanding of your Ubuntu system. "
17447
"Some installation details are covered in <xref linkend=\"installation\"/>, "
17448
"but if you need detailed instructions installing Ubuntu please refer to the "
17449
"<ulink url=\"https://help.ubuntu.com/9.10/installation-guide/\">Ubuntu "
17450
"Installation Guide</ulink>."
10961
msgid "This guide assumes you have a basic understanding of your Ubuntu system. Some installation details are covered in <xref linkend=\"installation\"/>, but if you need detailed instructions installing Ubuntu please refer to the <ulink url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu Installation Guide</ulink>."
17451
10962
msgstr ""
17452
10963
17453
10964
#: serverguide/C/introduction.xml:25(para)
17454
msgid ""
17455
"A HTML version of the manual is available online at <ulink "
17456
"url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The "
17457
"HTML files are also available in the <application>ubuntu-"
17458
"serverguide</application> package. See <xref linkend=\"package-"
17459
"management\"/> for details on installing packages."
10965
msgid "A HTML version of the manual is available online at <ulink url=\"http://help.ubuntu.com\">the Ubuntu Documentation website</ulink>. The HTML files are also available in the <application>ubuntu-serverguide</application> package. See <xref linkend=\"package-management\"/> for details on installing packages."
17460
10966
msgstr ""
17461
10967
17462
10968
#: serverguide/C/introduction.xml:32(para)
17463
msgid ""
17464
"If you choose to install the <application>ubuntu-serverguide</application> "
17465
"you can view this document from a console by:"
10969
msgid "If you choose to install the <application>ubuntu-serverguide</application> you can view this document from a console by:"
17466
10970
msgstr ""
17467
10971
17468
10972
#: serverguide/C/introduction.xml:36(command)
17478
10982
msgstr ""
17479
10983
17480
10984
#: serverguide/C/introduction.xml:55(para)
17481
msgid ""
17482
"There a couple of different ways that Ubuntu Server Edition is supported, "
17483
"commercial support and community support. The main commercial support (and "
17484
"development funding) is available from Canonical Ltd. They supply reasonably "
17485
"priced support contracts on a per desktop or per server basis. For more "
17486
"information see the <ulink "
17487
"url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> "
17488
"page."
10985
msgid "There a couple of different ways that Ubuntu Server Edition is supported, commercial support and community support. The main commercial support (and development funding) is available from Canonical Ltd. They supply reasonably priced support contracts on a per desktop or per server basis. For more information see the <ulink url=\"http://www.canonical.com/services/support\">Canonical Services</ulink> page."
17489
10986
msgstr ""
17490
10987
17491
10988
#: serverguide/C/introduction.xml:62(para)
17492
msgid ""
17493
"Community support is also provided by dedicated individuals, and companies, "
17494
"that wish to make Ubuntu the best distribution possible. Support is provided "
17495
"through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The "
17496
"large amount of information available can be overwhelming, but a good search "
17497
"engine query can usually provide an answer to your questions. See the <ulink "
17498
"url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more "
17499
"information."
10989
msgid "Community support is also provided by dedicated individuals, and companies, that wish to make Ubuntu the best distribution possible. Support is provided through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The large amount of information available can be overwhelming, but a good search engine query can usually provide an answer to your questions. See the <ulink url=\"http://www.ubuntu.com/support\">Ubuntu Support</ulink> page for more information."
17500
10990
msgstr ""
17501
10991
17502
10992
#: serverguide/C/installation.xml:14(para)
17503
msgid ""
17504
"This chapter provides a quick overview of installing Ubuntu 9.10 Server "
17505
"Edition. For more detailed instructions, please refer to the <ulink "
17506
"url=\"https://help.ubuntu.com/9.10/installation-guide/\">Ubuntu Installation "
17507
"Guide</ulink>."
10993
msgid "This chapter provides a quick overview of installing Ubuntu 10.04 LTS Server Edition. For more detailed instructions, please refer to the <ulink url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\">Ubuntu Installation Guide</ulink>."
17508
10994
msgstr ""
17509
10995
17510
10996
#: serverguide/C/installation.xml:19(title)
17512
10998
msgstr ""
17513
10999
17514
11000
#: serverguide/C/installation.xml:20(para)
17515
msgid ""
17516
"This section explains various aspects to consider before starting the "
17517
"installation."
11001
msgid "This section explains various aspects to consider before starting the installation."
17518
11002
msgstr ""
17519
11003
17520
11004
#: serverguide/C/installation.xml:24(title)
17522
11006
msgstr ""
17523
11007
17524
11008
#: serverguide/C/installation.xml:25(para)
17525
msgid ""
17526
"Ubuntu 9.10 Server Edition supports two (2) major architectures: Intel x86 "
17527
"and AMD64. The table below lists recommended hardware specifications. "
17528
"Depending on your needs, you might manage with less than this. However, most "
17529
"users risk being frustrated if they ignore these suggestions."
11009
msgid "Ubuntu 10.04 LTS Server Edition supports two (2) major architectures: Intel x86 and AMD64. The table below lists recommended hardware specifications. Depending on your needs, you might manage with less than this. However, most users risk being frustrated if they ignore these suggestions."
17530
11010
msgstr ""
17531
11011
17532
11012
#: serverguide/C/installation.xml:27(title)
17570
11050
msgstr ""
17571
11051
17572
11052
#: serverguide/C/installation.xml:54(para)
17573
msgid ""
17574
"The Server Edition provides a common base for all sorts of server "
17575
"applications. It is a minimalist design providing a platform for the desired "
17576
"services, such as file/print services, web hosting, email hosting, etc."
11053
msgid "The Server Edition provides a common base for all sorts of server applications. It is a minimalist design providing a platform for the desired services, such as file/print services, web hosting, email hosting, etc."
17577
11054
msgstr ""
17578
11055
17579
11056
#: serverguide/C/installation.xml:62(title)
17581
11058
msgstr ""
17582
11059
17583
11060
#: serverguide/C/installation.xml:63(para)
17584
msgid ""
17585
"There are a few differences between the <emphasis>Ubuntu Server "
17586
"Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It "
17587
"should be noted that both editions use the same "
17588
"<application>apt</application> repositories. Making it just as easy to "
17589
"install a <emphasis role=\"italic\">server</emphasis> application on the "
17590
"Desktop Edition as it is on the Server Edition."
11061
msgid "There are a few differences between the <emphasis>Ubuntu Server Edition</emphasis> and the <emphasis>Ubuntu Desktop Edition</emphasis>. It should be noted that both editions use the same <application>apt</application> repositories. Making it just as easy to install a <emphasis role=\"italic\">server</emphasis> application on the Desktop Edition as it is on the Server Edition."
17591
11062
msgstr ""
17592
11063
17593
11064
#: serverguide/C/installation.xml:69(para)
17594
msgid ""
17595
"The differences between the two editions are the lack of an X window "
17596
"environment in the Server Edition, the installation process, and different "
17597
"Kernel options."
11065
msgid "The differences between the two editions are the lack of an X window environment in the Server Edition, the installation process, and different Kernel options."
17598
11066
msgstr ""
17599
11067
17600
11068
#: serverguide/C/installation.xml:76(title)
17602
11070
msgstr ""
17603
11071
17604
11072
#: serverguide/C/installation.xml:79(para)
17605
msgid ""
17606
"The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler "
17607
"instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop "
17608
"Edition."
11073
msgid "The Server Edition uses the <emphasis>Deadline</emphasis> I/O scheduler instead of the <emphasis>CFQ</emphasis> scheduler used by the Desktop Edition."
17609
11074
msgstr ""
17610
11075
17611
11076
#: serverguide/C/installation.xml:85(para)
17613
11078
msgstr ""
17614
11079
17615
11080
#: serverguide/C/installation.xml:90(para)
17616
msgid ""
17617
"The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the "
17618
"Desktop Edition."
11081
msgid "The timer interrupt is 100 Hz in the Server Edition and 250 Hz in the Desktop Edition."
17619
11082
msgstr ""
17620
11083
17621
11084
#: serverguide/C/installation.xml:96(para)
17622
msgid ""
17623
"When running a 64-bit version of Ubuntu on 64-bit processors you are not "
17624
"limited by memory addressing space."
11085
msgid "When running a 64-bit version of Ubuntu on 64-bit processors you are not limited by memory addressing space."
17625
11086
msgstr ""
17626
11087
17627
11088
#: serverguide/C/installation.xml:101(para)
17628
msgid ""
17629
"To see all kernel configuration options you can look through "
17630
"<filename>/boot/config-2.6.31-server</filename>. Also, <ulink "
17631
"url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> is a "
17632
"great resource on the options available."
11089
msgid "To see all kernel configuration options you can look through <filename>/boot/config-2.6.31-server</filename>. Also, <ulink url=\"http://www.kroah.com/lkn/\">Linux Kernel in a Nutshell</ulink> is a great resource on the options available."
17633
11090
msgstr ""
17634
11091
17635
11092
#: serverguide/C/installation.xml:110(title)
17637
11094
msgstr ""
17638
11095
17639
11096
#: serverguide/C/installation.xml:113(para)
17640
msgid ""
17641
"Before installing <application>Ubuntu Server Edition</application> you "
17642
"should make sure all data on the system is backed up. See <xref "
17643
"linkend=\"backups\"/> for backup options."
11097
msgid "Before installing <application>Ubuntu Server Edition</application> you should make sure all data on the system is backed up. See <xref linkend=\"backups\"/> for backup options."
17644
11098
msgstr ""
17645
11099
17646
11100
#: serverguide/C/installation.xml:117(para)
17647
msgid ""
17648
"If this is not the first time an operating system has been installed on your "
17649
"computer, it is likely you will need to re-partition your disk to make room "
17650
"for Ubuntu."
11101
msgid "If this is not the first time an operating system has been installed on your computer, it is likely you will need to re-partition your disk to make room for Ubuntu."
17651
11102
msgstr ""
17652
11103
17653
11104
#: serverguide/C/installation.xml:121(para)
17654
msgid ""
17655
"Any time you partition your disk, you should be prepared to lose everything "
17656
"on the disk should you make a mistake or something goes wrong during "
17657
"partitioning. The programs used in installation are quite reliable, most "
17658
"have seen years of use, but they also perform destructive actions."
11105
msgid "Any time you partition your disk, you should be prepared to lose everything on the disk should you make a mistake or something goes wrong during partitioning. The programs used in installation are quite reliable, most have seen years of use, but they also perform destructive actions."
17659
11106
msgstr ""
17660
11107
17661
11108
#: serverguide/C/installation.xml:133(title)
17663
11110
msgstr ""
17664
11111
17665
11112
#: serverguide/C/installation.xml:134(para)
17666
msgid ""
17667
"The basic steps to install Ubuntu Server Edition from CD are the same for "
17668
"installing any operating system from CD. Unlike the <emphasis>Desktop "
17669
"Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include "
17670
"a graphical installation program. Instead the Server Edition uses a console "
17671
"menu based process."
11113
msgid "The basic steps to install Ubuntu Server Edition from CD are the same for installing any operating system from CD. Unlike the <emphasis>Desktop Edition</emphasis> the <emphasis>Server Edition</emphasis> does not include a graphical installation program. Instead the Server Edition uses a console menu based process."
17672
11114
msgstr ""
17673
11115
17674
11116
#: serverguide/C/installation.xml:141(para)
17675
msgid ""
17676
"First, download and burn the appropriate ISO file from the <ulink "
17677
"url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
11117
msgid "First, download and burn the appropriate ISO file from the <ulink url=\"http://www.ubuntu.com/getubuntu/download\"> Ubuntu web site</ulink>."
17678
11118
msgstr ""
17679
11119
17680
11120
#: serverguide/C/installation.xml:147(para)
17682
11122
msgstr ""
17683
11123
17684
11124
#: serverguide/C/installation.xml:152(para)
17685
msgid ""
17686
"At the boot prompt you will be asked to select the language. Afterwards the "
17687
"installation process begins by asking for your keyboard layout."
11125
msgid "At the boot prompt you will be asked to select the language. Afterwards the installation process begins by asking for your keyboard layout."
17688
11126
msgstr ""
17689
11127
17690
11128
#: serverguide/C/installation.xml:158(para)
17691
msgid ""
17692
"The installer then discovers your hardware configuration, and configures the "
17693
"network settings using DHCP. If you do not wish to use DHCP at the next "
17694
"screen choose \"Go Back\", and you have the option to \"Configure the "
17695
"network manually\"."
11129
msgid "The installer then discovers your hardware configuration, and configures the network settings using DHCP. If you do not wish to use DHCP at the next screen choose \"Go Back\", and you have the option to \"Configure the network manually\"."
17696
11130
msgstr ""
17697
11131
17698
11132
#: serverguide/C/installation.xml:165(para)
17700
11134
msgstr ""
17701
11135
17702
11136
#: serverguide/C/installation.xml:170(para)
17703
msgid ""
17704
"You can then choose from several options to configure the hard drive layout. "
17705
"For advanced disk options see <xref linkend=\"advanced-installation\"/>."
11137
msgid "You can then choose from several options to configure the hard drive layout. For advanced disk options see <xref linkend=\"advanced-installation\"/>."
17706
11138
msgstr ""
17707
11139
17708
11140
#: serverguide/C/installation.xml:176(para)
17710
11142
msgstr ""
17711
11143
17712
11144
#: serverguide/C/installation.xml:181(para)
17713
msgid ""
17714
"A new user is setup, this user will have <emphasis>root</emphasis> access "
17715
"through the <application>sudo</application> utility."
11145
msgid "A new user is setup, this user will have <emphasis>root</emphasis> access through the <application>sudo</application> utility."
17716
11146
msgstr ""
17717
11147
17718
11148
#: serverguide/C/installation.xml:187(para)
17719
msgid ""
17720
"After the user is setup, you will be asked to encrypt your <filename "
17721
"role=\"directory\">home</filename> directory."
11149
msgid "After the user is setup, you will be asked to encrypt your <filename role=\"directory\">home</filename> directory."
17722
11150
msgstr ""
17723
11151
17724
11152
#: serverguide/C/installation.xml:193(para)
17725
msgid ""
17726
"The next step in the installation process is to decide how you want to "
17727
"update the system. There are three options:"
11153
msgid "The next step in the installation process is to decide how you want to update the system. There are three options:"
17728
11154
msgstr ""
17729
11155
17730
11156
#: serverguide/C/installation.xml:199(para)
17731
msgid ""
17732
"<emphasis>No automatic updates</emphasis>: this requires an administrator to "
17733
"log into the machine and manually install updates."
11157
msgid "<emphasis>No automatic updates</emphasis>: this requires an administrator to log into the machine and manually install updates."
17734
11158
msgstr ""
17735
11159
17736
11160
#: serverguide/C/installation.xml:205(para)
17737
msgid ""
17738
"<emphasis>Install security updates Automatically</emphasis>: will install "
17739
"the <application>unattended-upgrades</application> package, which will "
17740
"install security updates without the intervention of an administrator. For "
17741
"more details see <xref linkend=\"automatic-updates\"/>."
11161
msgid "<emphasis>Install security updates Automatically</emphasis>: will install the <application>unattended-upgrades</application> package, which will install security updates without the intervention of an administrator. For more details see <xref linkend=\"automatic-updates\"/>."
17742
11162
msgstr ""
17743
11163
17744
11164
#: serverguide/C/installation.xml:212(para)
17745
msgid ""
17746
"<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid "
17747
"service provided by Canonical to help manage your Ubuntu machines. See the "
17748
"<ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> "
17749
"site for details."
11165
msgid "<emphasis>Manage the system with Landscape</emphasis>: Landscape is a paid service provided by Canonical to help manage your Ubuntu machines. See the <ulink url=\"http://www.canonical.com/projects/landscape\">Landscape</ulink> site for details."
17750
11166
msgstr ""
17751
11167
17752
11168
#: serverguide/C/installation.xml:221(para)
17753
msgid ""
17754
"You now have the option to install, or not install, several package tasks. "
17755
"See <xref linkend=\"install-tasks\"/> for details. Also, there is an option "
17756
"to launch <application>aptitude</application> to choose specific packages to "
17757
"install. For more information see <xref linkend=\"aptitude\"/>."
11169
msgid "You now have the option to install, or not install, several package tasks. See <xref linkend=\"install-tasks\"/> for details. Also, there is an option to launch <application>aptitude</application> to choose specific packages to install. For more information see <xref linkend=\"aptitude\"/>."
17758
11170
msgstr ""
17759
11171
17760
11172
#: serverguide/C/installation.xml:229(para)
17762
11174
msgstr ""
17763
11175
17764
11176
#: serverguide/C/installation.xml:235(para)
17765
msgid ""
17766
"If at any point during installation you are not satisfied by the default "
17767
"setting, use the \"Go Back\" function at any prompt to be brought to a "
17768
"detailed installation menu that will allow you to modify the default "
17769
"settings."
11177
msgid "If at any point during installation you are not satisfied by the default setting, use the \"Go Back\" function at any prompt to be brought to a detailed installation menu that will allow you to modify the default settings."
17770
11178
msgstr ""
17771
11179
17772
11180
#: serverguide/C/installation.xml:240(para)
17773
msgid ""
17774
"At some point during the installation process you may want to read the help "
17775
"screen provided by the installation system. To do this, press F1."
11181
msgid "At some point during the installation process you may want to read the help screen provided by the installation system. To do this, press F1."
17776
11182
msgstr ""
17777
11183
17778
11184
#: serverguide/C/installation.xml:245(para)
17779
msgid ""
17780
"Once again, for detailed instructions see the <ulink "
17781
"url=\"https://help.ubuntu.com/9.10/installation-guide/\"> Ubuntu "
17782
"Installation Guide</ulink>."
11185
msgid "Once again, for detailed instructions see the <ulink url=\"https://help.ubuntu.com/10.04 LTS/installation-guide/\"> Ubuntu Installation Guide</ulink>."
17783
11186
msgstr ""
17784
11187
17785
11188
#: serverguide/C/installation.xml:251(title)
17787
11190
msgstr ""
17788
11191
17789
11192
#: serverguide/C/installation.xml:252(para)
17790
msgid ""
17791
"During the Server Edition installation you have the option of installing "
17792
"additional packages from the CD. The packages are grouped by the type of "
17793
"service they provide."
11193
msgid "During the Server Edition installation you have the option of installing additional packages from the CD. The packages are grouped by the type of service they provide."
17794
11194
msgstr ""
17795
11195
17796
11196
#: serverguide/C/installation.xml:258(para)
17802
11202
msgstr ""
17803
11203
17804
11204
#: serverguide/C/installation.xml:268(para)
17805
msgid ""
17806
"Mail server: This task selects a variety of package useful for a general "
17807
"purpose mail server system."
11205
msgid "Mail server: This task selects a variety of package useful for a general purpose mail server system."
17808
11206
msgstr ""
17809
11207
17810
11208
#: serverguide/C/installation.xml:273(para)
17812
11210
msgstr ""
17813
11211
17814
11212
#: serverguide/C/installation.xml:278(para)
17815
msgid ""
17816
"PostgreSQL database: This task selects client and server packages for the "
17817
"PostgreSQL database."
11213
msgid "PostgreSQL database: This task selects client and server packages for the PostgreSQL database."
17818
11214
msgstr ""
17819
11215
17820
11216
#: serverguide/C/installation.xml:283(para)
17822
11218
msgstr ""
17823
11219
17824
11220
#: serverguide/C/installation.xml:288(para)
17825
msgid ""
17826
"Samba File server: This task sets up your system to be a Samba file server, "
17827
"which is especially suitable in networks with both Windows and Linux systems."
11221
msgid "Samba File server: This task sets up your system to be a Samba file server, which is especially suitable in networks with both Windows and Linux systems."
17828
11222
msgstr ""
17829
11223
17830
11224
#: serverguide/C/installation.xml:294(para)
17831
msgid ""
17832
"Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, "
17833
"etc."
11225
msgid "Tomcat server: Installs the Apache Tomcat and needed dependencies Java, gcj, etc."
17834
11226
msgstr ""
17835
11227
17836
11228
#: serverguide/C/installation.xml:299(para)
17837
msgid ""
17838
"Virtual machine host: Includes packages needed to run KVM virtual machines."
11229
msgid "Virtual machine host: Includes packages needed to run KVM virtual machines."
17839
11230
msgstr ""
17840
11231
17841
11232
#: serverguide/C/installation.xml:304(para)
17842
msgid ""
17843
"Installing the package groups is accomplished using the "
17844
"<application>tasksel</application> utility. One of the important difference "
17845
"between Ubuntu (or Debian) and other GNU/Linux distribution is that, when "
17846
"installed, a package is also configured to reasonable defaults, eventually "
17847
"prompting you for additional required information. Likewise, when installing "
17848
"a task, the packages are not only installed, but also configured to provided "
17849
"a fully integrated service."
11233
msgid "Installing the package groups is accomplished using the <application>tasksel</application> utility. One of the important difference between Ubuntu (or Debian) and other GNU/Linux distribution is that, when installed, a package is also configured to reasonable defaults, eventually prompting you for additional required information. Likewise, when installing a task, the packages are not only installed, but also configured to provided a fully integrated service."
17850
11234
msgstr ""
17851
11235
17852
11236
#: serverguide/C/installation.xml:311(para)
17853
msgid ""
17854
"Once the installation process has finished you can view a list of available "
17855
"tasks by entering the following from a terminal prompt:"
11237
msgid "Once the installation process has finished you can view a list of available tasks by entering the following from a terminal prompt:"
17856
11238
msgstr ""
17857
11239
17858
11240
#: serverguide/C/installation.xml:316(command)
17860
11242
msgstr ""
17861
11243
17862
11244
#: serverguide/C/installation.xml:319(para)
17863
msgid ""
17864
"The output will list tasks from other Ubuntu based distributions such as "
17865
"Kubuntu and Edubuntu. Note that you can also invoke the "
17866
"<command>tasksel</command> command by itself, which will bring up a menu of "
17867
"the different tasks available."
11245
msgid "The output will list tasks from other Ubuntu based distributions such as Kubuntu and Edubuntu. Note that you can also invoke the <command>tasksel</command> command by itself, which will bring up a menu of the different tasks available."
17868
11246
msgstr ""
17869
11247
17870
11248
#: serverguide/C/installation.xml:325(para)
17871
msgid ""
17872
"You can view a list of which packages are installed with each task using the "
17873
"<emphasis>--task-packages</emphasis> option. For example, to list the "
17874
"packages installed with the <emphasis>DNS Server</emphasis> task enter the "
17875
"following:"
11249
msgid "You can view a list of which packages are installed with each task using the <emphasis>--task-packages</emphasis> option. For example, to list the packages installed with the <emphasis>DNS Server</emphasis> task enter the following:"
17876
11250
msgstr ""
17877
11251
17878
11252
#: serverguide/C/installation.xml:330(command)
17885
11259
17886
11260
#: serverguide/C/installation.xml:335(programlisting)
17887
11261
#, no-wrap
17888
msgid ""
17889
"\n"
17890
"bind9-doc \n"
17891
"bind9utils \n"
17892
"bind9\n"
11262
msgid "\nbind9-doc \nbind9utils \nbind9\n"
17893
11263
msgstr ""
17894
11264
17895
11265
#: serverguide/C/installation.xml:340(para)
17896
msgid ""
17897
"Also, if you did not install one of the tasks during the installation "
17898
"process, but for example you decide to make your new LAMP server a DNS "
17899
"server as well. Simply insert the installation CD and from a terminal:"
11266
msgid "Also, if you did not install one of the tasks during the installation process, but for example you decide to make your new LAMP server a DNS server as well. Simply insert the installation CD and from a terminal:"
17900
11267
msgstr ""
17901
11268
17902
11269
#: serverguide/C/installation.xml:345(command)
17908
11275
msgstr ""
17909
11276
17910
11277
#: serverguide/C/installation.xml:351(para)
17911
msgid ""
17912
"There are several ways to upgrade from one Ubuntu release to another. This "
17913
"section gives an overview of the recommended upgrade method."
11278
msgid "There are several ways to upgrade from one Ubuntu release to another. This section gives an overview of the recommended upgrade method."
17914
11279
msgstr ""
17915
11280
17916
11281
#: serverguide/C/installation.xml:355(title) serverguide/C/installation.xml:370(command)
17918
11283
msgstr ""
17919
11284
17920
11285
#: serverguide/C/installation.xml:356(para)
17921
msgid ""
17922
"The recommended way to upgrade a Server Edition installation is to use the "
17923
"<application>do-release-upgrade</application> utility. Part of the "
17924
"<emphasis>update-manager-core</emphasis> package, it does not have any "
17925
"graphical dependencies and is installed by default."
11286
msgid "The recommended way to upgrade a Server Edition installation is to use the <application>do-release-upgrade</application> utility. Part of the <emphasis>update-manager-core</emphasis> package, it does not have any graphical dependencies and is installed by default."
17926
11287
msgstr ""
17927
11288
17928
11289
#: serverguide/C/installation.xml:361(para)
17929
msgid ""
17930
"Debian based systems can also be upgraded by using <command>apt-get dist-"
17931
"upgrade</command>. However, using <application>do-release-"
17932
"upgrade</application> is recommended because it has the ability to handle "
17933
"system configuration changes sometimes needed between releases."
11290
msgid "Debian based systems can also be upgraded by using <command>apt-get dist-upgrade</command>. However, using <application>do-release-upgrade</application> is recommended because it has the ability to handle system configuration changes sometimes needed between releases."
17934
11291
msgstr ""
17935
11292
17936
11293
#: serverguide/C/installation.xml:366(para)
17938
11295
msgstr ""
17939
11296
17940
11297
#: serverguide/C/installation.xml:372(para)
17941
msgid ""
17942
"It is also possible to use <application>do-release-upgrade</application> to "
17943
"upgrade to a development version of Ubuntu. To accomplish this use the "
17944
"<emphasis>-d</emphasis> switch:"
11298
msgid "It is also possible to use <application>do-release-upgrade</application> to upgrade to a development version of Ubuntu. To accomplish this use the <emphasis>-d</emphasis> switch:"
17945
11299
msgstr ""
17946
11300
17947
11301
#: serverguide/C/installation.xml:377(command)
17949
11303
msgstr ""
17950
11304
17951
11305
#: serverguide/C/installation.xml:380(para)
17952
msgid ""
17953
"Upgrading to a development release is <emphasis>not</emphasis> recommended "
17954
"for production environments."
11306
msgid "Upgrading to a development release is <emphasis>not</emphasis> recommended for production environments."
17955
11307
msgstr ""
17956
11308
17957
11309
#: serverguide/C/installation.xml:387(title)
17963
11315
msgstr ""
17964
11316
17965
11317
#: serverguide/C/installation.xml:392(para)
17966
msgid ""
17967
"RAID is a method of configuring multiple hard drives to act as one, reducing "
17968
"the probability of catastrophic data loss in case of drive failure. RAID is "
17969
"implemented in either software (where the operating system knows about both "
17970
"drives and actively maintains both of them) or hardware (where a special "
17971
"controller makes the OS think there's only one drive and maintains the "
17972
"drives 'invisibly')."
11318
msgid "RAID is a method of configuring multiple hard drives to act as one, reducing the probability of catastrophic data loss in case of drive failure. RAID is implemented in either software (where the operating system knows about both drives and actively maintains both of them) or hardware (where a special controller makes the OS think there's only one drive and maintains the drives 'invisibly')."
17973
11319
msgstr ""
17974
11320
17975
11321
#: serverguide/C/installation.xml:399(para)
17976
msgid ""
17977
"The RAID software included with current versions of Linux (and Ubuntu) is "
17978
"based on the <application>'mdadm'</application> driver and works very well, "
17979
"better even than many so-called 'hardware' RAID controllers. This section "
17980
"will guide you through installing Ubuntu Server Edition using two RAID1 "
17981
"partitions on two physical hard drives, one for <emphasis>/</emphasis> and "
17982
"another for <emphasis>swap</emphasis>."
11322
msgid "The RAID software included with current versions of Linux (and Ubuntu) is based on the <application>'mdadm'</application> driver and works very well, better even than many so-called 'hardware' RAID controllers. This section will guide you through installing Ubuntu Server Edition using two RAID1 partitions on two physical hard drives, one for <emphasis>/</emphasis> and another for <emphasis>swap</emphasis>."
17983
11323
msgstr ""
17984
11324
17985
#: serverguide/C/installation.xml:409(para) serverguide/C/installation.xml:926(para)
17986
msgid ""
17987
"Follow the installation steps until you get to the <emphasis>Partition "
17988
"disks</emphasis> step, then:"
11325
#: serverguide/C/installation.xml:409(para) serverguide/C/installation.xml:928(para)
11326
msgid "Follow the installation steps until you get to the <emphasis>Partition disks</emphasis> step, then:"
17989
11327
msgstr ""
17990
11328
17991
11329
#: serverguide/C/installation.xml:416(para)
17993
11331
msgstr ""
17994
11332
17995
11333
#: serverguide/C/installation.xml:423(para)
17996
msgid ""
17997
"Select the first hard drive, and agree to <emphasis>\"Create a new empty "
17998
"partition table on this device?\"</emphasis>."
11334
msgid "Select the first hard drive, and agree to <emphasis>\"Create a new empty partition table on this device?\"</emphasis>."
17999
11335
msgstr ""
18000
11336
18001
11337
#: serverguide/C/installation.xml:427(para)
18002
msgid ""
18003
"Repeat this step for each drive you wish to be part of the RAID array."
11338
msgid "Repeat this step for each drive you wish to be part of the RAID array."
18004
11339
msgstr ""
18005
11340
18006
11341
#: serverguide/C/installation.xml:434(para)
18007
msgid ""
18008
"Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then "
18009
"select <emphasis>\"Create a new partition\"</emphasis>."
11342
msgid "Select the <emphasis>\"FREE SPACE\"</emphasis> on the first drive then select <emphasis>\"Create a new partition\"</emphasis>."
18010
11343
msgstr ""
18011
11344
18012
11345
#: serverguide/C/installation.xml:441(para)
18013
msgid ""
18014
"Next, select the <emphasis>Size</emphasis> of the partition. This partition "
18015
"will be the <emphasis>swap</emphasis> partition, and a general rule for swap "
18016
"size is twice that of RAM. Enter the partition size, then choose "
18017
"<emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
11346
msgid "Next, select the <emphasis>Size</emphasis> of the partition. This partition will be the <emphasis>swap</emphasis> partition, and a general rule for swap size is twice that of RAM. Enter the partition size, then choose <emphasis>Primary</emphasis>, then <emphasis>Beginning</emphasis>."
18018
11347
msgstr ""
18019
11348
18020
11349
#: serverguide/C/installation.xml:450(para)
18021
msgid ""
18022
"Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this "
18023
"is <emphasis role=\"italic\">\"Ext3 journaling file system\"</emphasis>, "
18024
"change that to <emphasis>\"physical volume for RAID\"</emphasis> then "
18025
"<emphasis>\"Done setting up partition\"</emphasis>."
11350
msgid "Select the <emphasis>\"Use as:\"</emphasis> line at the top. By default this is <emphasis role=\"italic\">\"Ext4 journaling file system\"</emphasis>, change that to <emphasis>\"physical volume for RAID\"</emphasis> then <emphasis>\"Done setting up partition\"</emphasis>."
18026
11351
msgstr ""
18027
11352
18028
11353
#: serverguide/C/installation.xml:459(para)
18029
msgid ""
18030
"For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free "
18031
"Space\"</emphasis> on the first drive then <emphasis>\"Create a new "
18032
"partition\"</emphasis>."
11354
msgid "For the <emphasis>/</emphasis> partition once again select <emphasis>\"Free Space\"</emphasis> on the first drive then <emphasis>\"Create a new partition\"</emphasis>."
18033
11355
msgstr ""
18034
11356
18035
11357
#: serverguide/C/installation.xml:467(para)
18036
msgid ""
18037
"Use the rest of the free space on the drive and choose "
18038
"<emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
11358
msgid "Use the rest of the free space on the drive and choose <emphasis>Continue</emphasis>, then <emphasis>Primary</emphasis>."
18039
11359
msgstr ""
18040
11360
18041
11361
#: serverguide/C/installation.xml:474(para)
18042
msgid ""
18043
"As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line "
18044
"at the top, changing it to <emphasis>\"physical volume for RAID\"</emphasis> "
18045
"then choose <emphasis>\"Done setting up partition\"</emphasis>."
11362
msgid "As with the swap partition, select the <emphasis>\"Use as:\"</emphasis> line at the top, changing it to <emphasis>\"physical volume for RAID\"</emphasis>. Also select the <emphasis>\"Bootable flag:\"</emphasis> line to change the value to <emphasis>\"on\"</emphasis>. Then choose <emphasis>\"Done setting up partition\"</emphasis>."
18046
11363
msgstr ""
18047
11364
18048
#: serverguide/C/installation.xml:482(para)
11365
#: serverguide/C/installation.xml:484(para)
18049
11366
msgid "Repeat steps three through eight for the other disk and partitions."
18050
11367
msgstr ""
18051
11368
18052
#: serverguide/C/installation.xml:491(title)
11369
#: serverguide/C/installation.xml:493(title)
18053
11370
msgid "RAID Configuration"
18054
11371
msgstr ""
18055
11372
18056
#: serverguide/C/installation.xml:493(para)
11373
#: serverguide/C/installation.xml:495(para)
18057
11374
msgid "With the partitions setup the arrays are ready to be configured:"
18058
11375
msgstr ""
18059
11376
18060
#: serverguide/C/installation.xml:500(para)
18061
msgid ""
18062
"Back in the main \"Partition Disks\" page, select <emphasis>\"Configure "
18063
"Software RAID\"</emphasis> at the top."
11377
#: serverguide/C/installation.xml:502(para)
11378
msgid "Back in the main \"Partition Disks\" page, select <emphasis>\"Configure Software RAID\"</emphasis> at the top."
18064
11379
msgstr ""
18065
11380
18066
#: serverguide/C/installation.xml:507(para)
11381
#: serverguide/C/installation.xml:509(para)
18067
11382
msgid "Select <emphasis>\"yes\"</emphasis> to write the changes to disk."
18068
11383
msgstr ""
18069
11384
18070
#: serverguide/C/installation.xml:514(para)
18071
msgid "Choose <emphasis>\"Create MD drive\"</emphasis>."
18072
msgstr ""
18073
18074
#: serverguide/C/installation.xml:521(para)
18075
msgid ""
18076
"For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are "
18077
"using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
18078
msgstr ""
18079
18080
#: serverguide/C/installation.xml:527(para)
18081
msgid ""
18082
"In order to use <emphasis>RAID5</emphasis> you need at least "
18083
"<emphasis>three</emphasis> drives. Using RAID0 or RAID1 only "
18084
"<emphasis>two</emphasis> drives are required."
18085
msgstr ""
18086
18087
#: serverguide/C/installation.xml:536(para)
18088
msgid ""
18089
"Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount "
18090
"of hard drives you have, for the array. Then select "
18091
"<emphasis>\"Continue\"</emphasis>."
18092
msgstr ""
18093
18094
#: serverguide/C/installation.xml:544(para)
18095
msgid ""
18096
"Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by "
18097
"default, then choose <emphasis>\"Continue\"</emphasis>."
18098
msgstr ""
18099
18100
#: serverguide/C/installation.xml:551(para)
18101
msgid ""
18102
"Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, "
18103
"etc. The numbers will usually match and the different letters correspond to "
18104
"different hard drives."
18105
msgstr ""
18106
18107
#: serverguide/C/installation.xml:556(para)
18108
msgid ""
18109
"For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> "
18110
"and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to "
18111
"go to the next step."
18112
msgstr ""
18113
18114
#: serverguide/C/installation.xml:564(para)
18115
msgid ""
18116
"Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> "
18117
"for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> "
18118
"and <emphasis>sdb2</emphasis>."
18119
msgstr ""
18120
18121
#: serverguide/C/installation.xml:572(para)
11385
#: serverguide/C/installation.xml:516(para)
11386
msgid "Choose <emphasis>\"Create MD device\"</emphasis>."
11387
msgstr ""
11388
11389
#: serverguide/C/installation.xml:523(para)
11390
msgid "For this example, select <emphasis>\"RAID1\"</emphasis>, but if you are using a different setup choose the appropriate type (RAID0 RAID1 RAID5)."
11391
msgstr ""
11392
11393
#: serverguide/C/installation.xml:529(para)
11394
msgid "In order to use <emphasis>RAID5</emphasis> you need at least <emphasis>three</emphasis> drives. Using RAID0 or RAID1 only <emphasis>two</emphasis> drives are required."
11395
msgstr ""
11396
11397
#: serverguide/C/installation.xml:538(para)
11398
msgid "Enter the number of active devices <emphasis>\"2\"</emphasis>, or the amount of hard drives you have, for the array. Then select <emphasis>\"Continue\"</emphasis>."
11399
msgstr ""
11400
11401
#: serverguide/C/installation.xml:546(para)
11402
msgid "Next, enter the number of spare devices <emphasis>\"0\"</emphasis> by default, then choose <emphasis>\"Continue\"</emphasis>."
11403
msgstr ""
11404
11405
#: serverguide/C/installation.xml:553(para)
11406
msgid "Choose which partitions to use. Generally they will be sda1, sdb1, sdc1, etc. The numbers will usually match and the different letters correspond to different hard drives."
11407
msgstr ""
11408
11409
#: serverguide/C/installation.xml:558(para)
11410
msgid "For the <emphasis>swap</emphasis> partition choose <emphasis>sda1</emphasis> and <emphasis>sdb1</emphasis>. Select <emphasis>\"Continue\"</emphasis> to go to the next step."
11411
msgstr ""
11412
11413
#: serverguide/C/installation.xml:566(para)
11414
msgid "Repeat steps <emphasis>three</emphasis> through <emphasis>seven</emphasis> for the <emphasis>/</emphasis> partition choosing <emphasis>sda2</emphasis> and <emphasis>sdb2</emphasis>."
11415
msgstr ""
11416
11417
#: serverguide/C/installation.xml:574(para)
18122
11418
msgid "Once done select <emphasis>\"Finish\"</emphasis>."
18123
11419
msgstr ""
18124
11420
18125
#: serverguide/C/installation.xml:582(title)
11421
#: serverguide/C/installation.xml:584(title)
18126
11422
msgid "Formatting"
18127
11423
msgstr ""
18128
11424
18129
#: serverguide/C/installation.xml:584(para)
18130
msgid ""
18131
"There should now be a list of hard drives and RAID devices. The next step is "
18132
"to format and set the mount point for the RAID devices. Treat the RAID "
18133
"device as a local hard drive, format and mount accordingly."
18134
msgstr ""
18135
18136
#: serverguide/C/installation.xml:592(para)
18137
msgid "Select the <emphasis>RAID1 device #0</emphasis> partition."
18138
msgstr ""
18139
18140
#: serverguide/C/installation.xml:599(para)
18141
msgid ""
18142
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap "
18143
"area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
18144
msgstr ""
18145
18146
#: serverguide/C/installation.xml:607(para)
18147
msgid "Next, select the <emphasis>RAID1 device #1</emphasis> partition."
18148
msgstr ""
18149
18150
#: serverguide/C/installation.xml:614(para)
18151
msgid ""
18152
"Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext3 "
18153
"journaling file system\"</emphasis>."
18154
msgstr ""
18155
18156
#: serverguide/C/installation.xml:621(para)
18157
msgid ""
18158
"Then select the <emphasis>\"Mount point\"</emphasis> and choose "
18159
"<emphasis>\"/ - the root file system\"</emphasis>. Change any of the other "
18160
"options as appropriate, then select <emphasis>\"Done setting up "
18161
"partition\"</emphasis>."
18162
msgstr ""
18163
18164
#: serverguide/C/installation.xml:629(para)
18165
msgid ""
18166
"Finally, select <emphasis>\"Finish partitioning and write changes to "
18167
"disk\"</emphasis>."
18168
msgstr ""
18169
18170
#: serverguide/C/installation.xml:636(para)
18171
msgid ""
18172
"If you choose to place the root partition on a RAID array, the installer "
18173
"will then ask if you would like to boot in a <emphasis>degraded</emphasis> "
18174
"state. See <xref linkend=\"raid-degraded\"/> for further details."
18175
msgstr ""
18176
18177
#: serverguide/C/installation.xml:641(para)
11425
#: serverguide/C/installation.xml:586(para)
11426
msgid "There should now be a list of hard drives and RAID devices. The next step is to format and set the mount point for the RAID devices. Treat the RAID device as a local hard drive, format and mount accordingly."
11427
msgstr ""
11428
11429
#: serverguide/C/installation.xml:594(para)
11430
msgid "Select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device #0\"</emphasis> partition."
11431
msgstr ""
11432
11433
#: serverguide/C/installation.xml:601(para)
11434
msgid "Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"swap area\"</emphasis>, then <emphasis>\"Done setting up partition\"</emphasis>."
11435
msgstr ""
11436
11437
#: serverguide/C/installation.xml:609(para)
11438
msgid "Next, select <emphasis>\"#1\"</emphasis> under the <emphasis>\"RAID1 device #1\"</emphasis> partition."
11439
msgstr ""
11440
11441
#: serverguide/C/installation.xml:616(para)
11442
msgid "Choose <emphasis>\"Use as:\"</emphasis>. Then select <emphasis>\"Ext4 journaling file system\"</emphasis>."
11443
msgstr ""
11444
11445
#: serverguide/C/installation.xml:623(para)
11446
msgid "Then select the <emphasis>\"Mount point\"</emphasis> and choose <emphasis>\"/ - the root file system\"</emphasis>. Change any of the other options as appropriate, then select <emphasis>\"Done setting up partition\"</emphasis>."
11447
msgstr ""
11448
11449
#: serverguide/C/installation.xml:631(para)
11450
msgid "Finally, select <emphasis>\"Finish partitioning and write changes to disk\"</emphasis>."
11451
msgstr ""
11452
11453
#: serverguide/C/installation.xml:638(para)
11454
msgid "If you choose to place the root partition on a RAID array, the installer will then ask if you would like to boot in a <emphasis>degraded</emphasis> state. See <xref linkend=\"raid-degraded\"/> for further details."
11455
msgstr ""
11456
11457
#: serverguide/C/installation.xml:643(para)
18178
11458
msgid "The installation process will then continue normally."
18179
11459
msgstr ""
18180
11460
18181
#: serverguide/C/installation.xml:647(title)
11461
#: serverguide/C/installation.xml:649(title)
18182
11462
msgid "Degraded RAID"
18183
11463
msgstr ""
18184
11464
18185
#: serverguide/C/installation.xml:649(para)
18186
msgid ""
18187
"At some point in the life of the computer a disk failure event may occur. "
18188
"When this happens, using Software RAID, the operating system will place the "
18189
"array into what is known as a <emphasis>degraded</emphasis> state."
18190
msgstr ""
18191
18192
#: serverguide/C/installation.xml:654(para)
18193
msgid ""
18194
"If the array has become degraded, due to the chance of data corruption, by "
18195
"default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> "
18196
"after thirty seconds. Once the initramfs has booted there is a fifteen "
18197
"second prompt giving you the option to go ahead and boot the system, or "
18198
"attempt manual recover. Booting to the initramfs prompt may or may not be "
18199
"the desired behavior, especially if the machine is in a remote location. "
18200
"Booting to a degraded array can be configured several ways:"
18201
msgstr ""
18202
18203
#: serverguide/C/installation.xml:665(para)
18204
msgid ""
18205
"The <application>dpkg-reconfigure</application> utility can be used to "
18206
"configure the default behavior, and during the process you will be queried "
18207
"about additional settings related to the array. Such as monitoring, email "
18208
"alerts, etc. To reconfigure <application>mdadm</application> enter the "
18209
"following:"
18210
msgstr ""
18211
18212
#: serverguide/C/installation.xml:672(command)
11465
#: serverguide/C/installation.xml:651(para)
11466
msgid "At some point in the life of the computer a disk failure event may occur. When this happens, using Software RAID, the operating system will place the array into what is known as a <emphasis>degraded</emphasis> state."
11467
msgstr ""
11468
11469
#: serverguide/C/installation.xml:656(para)
11470
msgid "If the array has become degraded, due to the chance of data corruption, by default Ubuntu Server Edition will boot to <emphasis>initramfs</emphasis> after thirty seconds. Once the initramfs has booted there is a fifteen second prompt giving you the option to go ahead and boot the system, or attempt manual recover. Booting to the initramfs prompt may or may not be the desired behavior, especially if the machine is in a remote location. Booting to a degraded array can be configured several ways:"
11471
msgstr ""
11472
11473
#: serverguide/C/installation.xml:667(para)
11474
msgid "The <application>dpkg-reconfigure</application> utility can be used to configure the default behavior, and during the process you will be queried about additional settings related to the array. Such as monitoring, email alerts, etc. To reconfigure <application>mdadm</application> enter the following:"
11475
msgstr ""
11476
11477
#: serverguide/C/installation.xml:674(command)
18213
11478
msgid "sudo dpkg-reconfigure mdadm"
18214
11479
msgstr ""
18215
11480
18216
#: serverguide/C/installation.xml:678(para)
18217
msgid ""
18218
"The <command>dpkg-reconfigure mdadm</command> process will change the "
18219
"<filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. "
18220
"The file has the advantage of being able to pre-configure the system's "
18221
"behavior, and can also be manually edited:"
11481
#: serverguide/C/installation.xml:680(para)
11482
msgid "The <command>dpkg-reconfigure mdadm</command> process will change the <filename>/etc/initramfs-tools/conf.d/mdadm</filename> configuration file. The file has the advantage of being able to pre-configure the system's behavior, and can also be manually edited:"
18222
11483
msgstr ""
18223
11484
18224
#: serverguide/C/installation.xml:684(programlisting)
11485
#: serverguide/C/installation.xml:686(programlisting)
18225
11486
#, no-wrap
18226
msgid ""
18227
"\n"
18228
"BOOT_DEGRADED=true\n"
11487
msgid "\nBOOT_DEGRADED=true\n"
18229
11488
msgstr ""
18230
11489
18231
#: serverguide/C/installation.xml:689(para)
11490
#: serverguide/C/installation.xml:691(para)
18232
11491
msgid "The configuration file can be overridden by using a Kernel argument."
18233
11492
msgstr ""
18234
11493
18235
#: serverguide/C/installation.xml:697(para)
18236
msgid ""
18237
"Using a Kernel argument will allow the system to boot to a degraded array as "
18238
"well:"
18239
msgstr ""
18240
18241
#: serverguide/C/installation.xml:703(para)
18242
msgid ""
18243
"When the server is booting press <emphasis>ESC</emphasis> to open the "
18244
"<application>Grub</application> menu."
18245
msgstr ""
18246
18247
#: serverguide/C/installation.xml:708(para)
11494
#: serverguide/C/installation.xml:699(para)
11495
msgid "Using a Kernel argument will allow the system to boot to a degraded array as well:"
11496
msgstr ""
11497
11498
#: serverguide/C/installation.xml:705(para)
11499
msgid "When the server is booting press <emphasis>ESC</emphasis> to open the <application>Grub</application> menu."
11500
msgstr ""
11501
11502
#: serverguide/C/installation.xml:710(para)
18248
11503
msgid "Press <emphasis>\"e\"</emphasis> to edit your Kernel command options."
18249
11504
msgstr ""
18250
11505
18251
#: serverguide/C/installation.xml:713(para)
18252
msgid ""
18253
"Press the <emphasis>DOWN</emphasis> arrow to highlight the kernel line."
18254
msgstr ""
18255
18256
#: serverguide/C/installation.xml:718(para)
18257
msgid ""
18258
"Press the <emphasis>\"e\"</emphasis> key again to edit the kernel line."
18259
msgstr ""
18260
18261
#: serverguide/C/installation.xml:723(para)
18262
msgid ""
18263
"Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the "
18264
"end of the line."
18265
msgstr ""
18266
18267
#: serverguide/C/installation.xml:728(para)
11506
#: serverguide/C/installation.xml:715(para)
11507
msgid "Press the <emphasis>DOWN</emphasis> arrow to highlight the kernel line."
11508
msgstr ""
11509
11510
#: serverguide/C/installation.xml:720(para)
11511
msgid "Press the <emphasis>\"e\"</emphasis> key again to edit the kernel line."
11512
msgstr ""
11513
11514
#: serverguide/C/installation.xml:725(para)
11515
msgid "Add <emphasis>\"bootdegraded=true\"</emphasis> (without the quotes) to the end of the line."
11516
msgstr ""
11517
11518
#: serverguide/C/installation.xml:730(para)
18268
11519
msgid "Press <emphasis>\"ENTER\"</emphasis>."
18269
11520
msgstr ""
18270
11521
18271
#: serverguide/C/installation.xml:733(para)
11522
#: serverguide/C/installation.xml:735(para)
18272
11523
msgid "Finally, press <emphasis>\"b\"</emphasis> to boot the system."
18273
11524
msgstr ""
18274
11525
18275
#: serverguide/C/installation.xml:742(para)
18276
msgid ""
18277
"Once the system has booted you can either repair the array see <xref "
18278
"linkend=\"raid-maintenance\"/> for details, or copy important data to "
18279
"another machine due to major hardware failure."
11526
#: serverguide/C/installation.xml:744(para)
11527
msgid "Once the system has booted you can either repair the array see <xref linkend=\"raid-maintenance\"/> for details, or copy important data to another machine due to major hardware failure."
18280
11528
msgstr ""
18281
11529
18282
#: serverguide/C/installation.xml:749(title)
11530
#: serverguide/C/installation.xml:751(title)
18283
11531
msgid "RAID Maintenance"
18284
11532
msgstr ""
18285
11533
18286
#: serverguide/C/installation.xml:751(para)
18287
msgid ""
18288
"The <application>mdadm</application> utility can be used to view the status "
18289
"of an array, add disks to an array, remove disks, etc:"
11534
#: serverguide/C/installation.xml:753(para)
11535
msgid "The <application>mdadm</application> utility can be used to view the status of an array, add disks to an array, remove disks, etc:"
18290
11536
msgstr ""
18291
11537
18292
#: serverguide/C/installation.xml:758(para)
11538
#: serverguide/C/installation.xml:760(para)
18293
11539
msgid "To view the status of an array, from a terminal prompt enter:"
18294
11540
msgstr ""
18295
11541
18296
#: serverguide/C/installation.xml:762(command)
11542
#: serverguide/C/installation.xml:764(command)
18297
11543
msgid "sudo mdadm -D /dev/md0"
18298
11544
msgstr ""
18299
11545
18300
#: serverguide/C/installation.xml:765(para)
18301
msgid ""
18302
"The <emphasis>-D</emphasis> tells <application>mdadm</application> to "
18303
"display <emphasis>detailed</emphasis> information about the "
18304
"<filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> "
18305
"with the appropriate RAID device."
11546
#: serverguide/C/installation.xml:767(para)
11547
msgid "The <emphasis>-D</emphasis> tells <application>mdadm</application> to display <emphasis>detailed</emphasis> information about the <filename>/dev/md0</filename> device. Replace <filename>/dev/md0</filename> with the appropriate RAID device."
18306
11548
msgstr ""
18307
11549
18308
#: serverguide/C/installation.xml:771(para)
11550
#: serverguide/C/installation.xml:773(para)
18309
11551
msgid "To view the status of a disk in an array:"
18310
11552
msgstr ""
18311
11553
18312
#: serverguide/C/installation.xml:775(command)
11554
#: serverguide/C/installation.xml:777(command)
18313
11555
msgid "sudo mdadm -E /dev/sda1"
18314
11556
msgstr ""
18315
11557
18316
#: serverguide/C/installation.xml:777(para)
18317
msgid ""
18318
"The output if very similar to the <command>mdadm -D</command> command, "
18319
"adjust <filename>/dev/sda1</filename> for each disk."
11558
#: serverguide/C/installation.xml:779(para)
11559
msgid "The output if very similar to the <command>mdadm -D</command> command, adjust <filename>/dev/sda1</filename> for each disk."
18320
11560
msgstr ""
18321
11561
18322
#: serverguide/C/installation.xml:782(para)
11562
#: serverguide/C/installation.xml:784(para)
18323
11563
msgid "If a disk fails and needs to be removed from an array enter:"
18324
11564
msgstr ""
18325
11565
18326
#: serverguide/C/installation.xml:786(command)
11566
#: serverguide/C/installation.xml:788(command)
18327
11567
msgid "sudo mdadm --remove /dev/md0 /dev/sda1"
18328
11568
msgstr ""
18329
11569
18330
#: serverguide/C/installation.xml:788(para)
18331
msgid ""
18332
"Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to "
18333
"the appropriate RAID device and disk."
11570
#: serverguide/C/installation.xml:790(para)
11571
msgid "Change <filename>/dev/md0</filename> and <filename>/dev/sda1</filename> to the appropriate RAID device and disk."
18334
11572
msgstr ""
18335
11573
18336
#: serverguide/C/installation.xml:793(para)
11574
#: serverguide/C/installation.xml:795(para)
18337
11575
msgid "Similarly, to add a new disk:"
18338
11576
msgstr ""
18339
11577
18340
#: serverguide/C/installation.xml:797(command)
11578
#: serverguide/C/installation.xml:799(command)
18341
11579
msgid "sudo mdadm --add /dev/md0 /dev/sda1"
18342
11580
msgstr ""
18343
11581
18344
#: serverguide/C/installation.xml:802(para)
18345
msgid ""
18346
"Sometimes a disk can change to a <emphasis>faulty</emphasis> state even "
18347
"though there is nothing physically wrong with the drive. It is usually "
18348
"worthwhile to remove the drive from the array then re-add it. This will "
18349
"cause the drive to re-sync with the array. If the drive will not sync with "
18350
"the array, it is a good indication of hardware failure."
18351
msgstr ""
18352
18353
#: serverguide/C/installation.xml:808(para)
18354
msgid ""
18355
"The <filename>/proc/mdstat</filename> file also contains useful information "
18356
"about the system's RAID devices:"
18357
msgstr ""
18358
18359
#: serverguide/C/installation.xml:813(command)
11582
#: serverguide/C/installation.xml:804(para)
11583
msgid "Sometimes a disk can change to a <emphasis>faulty</emphasis> state even though there is nothing physically wrong with the drive. It is usually worthwhile to remove the drive from the array then re-add it. This will cause the drive to re-sync with the array. If the drive will not sync with the array, it is a good indication of hardware failure."
11584
msgstr ""
11585
11586
#: serverguide/C/installation.xml:810(para)
11587
msgid "The <filename>/proc/mdstat</filename> file also contains useful information about the system's RAID devices:"
11588
msgstr ""
11589
11590
#: serverguide/C/installation.xml:815(command)
18360
11591
msgid "cat /proc/mdstat"
18361
11592
msgstr ""
18362
11593
18363
#: serverguide/C/installation.xml:814(computeroutput)
11594
#: serverguide/C/installation.xml:816(computeroutput)
18364
11595
#, no-wrap
18365
msgid ""
18366
"Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] "
18367
"[raid10] \n"
18368
"md0 : active raid1 sda1[0] sdb1[1]\n"
18369
" 10016384 blocks [2/2] [UU]\n"
18370
" \n"
18371
"unused devices: <none>"
18372
msgstr ""
18373
18374
#: serverguide/C/installation.xml:821(para)
18375
msgid ""
18376
"The following command is great for watching the status of a syncing drive:"
18377
msgstr ""
18378
18379
#: serverguide/C/installation.xml:826(command)
11596
msgid "Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10] \nmd0 : active raid1 sda1[0] sdb1[1]\n 10016384 blocks [2/2] [UU]\n \nunused devices: <none>"
11597
msgstr ""
11598
11599
#: serverguide/C/installation.xml:823(para)
11600
msgid "The following command is great for watching the status of a syncing drive:"
11601
msgstr ""
11602
11603
#: serverguide/C/installation.xml:828(command)
18380
11604
msgid "watch -n1 cat /proc/mdstat"
18381
11605
msgstr ""
18382
11606
18383
#: serverguide/C/installation.xml:829(para)
18384
msgid ""
18385
"Press <emphasis>Ctrl+c</emphasis> to stop the "
18386
"<application>watch</application> command."
18387
msgstr ""
18388
18389
#: serverguide/C/installation.xml:833(para)
18390
msgid ""
18391
"If you do need to replace a faulty drive, after the drive has been replaced "
18392
"and synced, <application>grub</application> will need to be installed. To "
18393
"install <application>grub</application> on the new drive, enter the "
18394
"following:"
18395
msgstr ""
18396
18397
#: serverguide/C/installation.xml:839(command)
11607
#: serverguide/C/installation.xml:831(para)
11608
msgid "Press <emphasis>Ctrl+c</emphasis> to stop the <application>watch</application> command."
11609
msgstr ""
11610
11611
#: serverguide/C/installation.xml:835(para)
11612
msgid "If you do need to replace a faulty drive, after the drive has been replaced and synced, <application>grub</application> will need to be installed. To install <application>grub</application> on the new drive, enter the following:"
11613
msgstr ""
11614
11615
#: serverguide/C/installation.xml:841(command)
18398
11616
msgid "sudo grub-install /dev/md0"
18399
11617
msgstr ""
18400
11618
18401
#: serverguide/C/installation.xml:842(para)
18402
msgid ""
18403
"Replace <filename>/dev/md0</filename> with the appropriate array device name."
18404
msgstr ""
18405
18406
#: serverguide/C/installation.xml:850(para)
18407
msgid ""
18408
"The topic of RAID arrays is a complex one due to the plethora of ways RAID "
18409
"can be configured. Please see the following links for more information:"
18410
msgstr ""
18411
18412
#: serverguide/C/installation.xml:858(ulink)
11619
#: serverguide/C/installation.xml:844(para)
11620
msgid "Replace <filename>/dev/md0</filename> with the appropriate array device name."
11621
msgstr ""
11622
11623
#: serverguide/C/installation.xml:852(para)
11624
msgid "The topic of RAID arrays is a complex one due to the plethora of ways RAID can be configured. Please see the following links for more information:"
11625
msgstr ""
11626
11627
#: serverguide/C/installation.xml:860(ulink)
18413
11628
msgid "Software RAID HOWTO"
18414
11629
msgstr ""
18415
11630
18416
#: serverguide/C/installation.xml:863(ulink)
11631
#: serverguide/C/installation.xml:865(ulink)
18417
11632
msgid "Managing RAID on Linux"
18418
11633
msgstr ""
18419
11634
18420
#: serverguide/C/installation.xml:870(title)
11635
#: serverguide/C/installation.xml:872(title)
18421
11636
msgid "Logical Volume Manager (LVM)"
18422
11637
msgstr ""
18423
11638
18424
#: serverguide/C/installation.xml:872(para)
18425
msgid ""
18426
"Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to "
18427
"create <emphasis>logical</emphasis> volumes out of one or multiple physical "
18428
"hard disks. LVM volumes can be created on both software RAID partitions and "
18429
"standard partitions residing on a single disk. Volumes can also be extended, "
18430
"giving greater flexibility to systems as requirements change."
18431
msgstr ""
18432
18433
#: serverguide/C/installation.xml:881(para)
18434
msgid ""
18435
"A side effect of LVM's power and flexibility is a greater degree of "
18436
"complication. Before diving into the LVM installation process, it is best to "
18437
"get familiar with some terms."
18438
msgstr ""
18439
18440
#: serverguide/C/installation.xml:888(para)
18441
msgid ""
18442
"<emphasis>Volume Group (VG):</emphasis> contains one or several Logical "
18443
"Volumes (LV)."
18444
msgstr ""
18445
18446
#: serverguide/C/installation.xml:893(para)
18447
msgid ""
18448
"<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-"
18449
"LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of "
18450
"which resides the actual EXT3, XFS, JFS, etc filesystem."
18451
msgstr ""
18452
18453
#: serverguide/C/installation.xml:899(para)
18454
msgid ""
18455
"<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software "
18456
"RAID partition. The Volume Group can be extended by adding more PVs."
18457
msgstr ""
18458
18459
#: serverguide/C/installation.xml:910(para)
18460
msgid ""
18461
"As an example this section covers installing Ubuntu Server Edition with "
18462
"<filename role=\"directory\">/srv</filename> mounted on a LVM volume. During "
18463
"the initial install only one Physical Volume (PV) will be part of the Volume "
18464
"Group (VG). Another PV will be added after install to demonstrate how a VG "
18465
"can be extended."
18466
msgstr ""
18467
18468
#: serverguide/C/installation.xml:916(para)
18469
msgid ""
18470
"There are several installation options for LVM, <emphasis>\"Guided - use the "
18471
"entire disk and setup LVM\"</emphasis> which will also allow you to assign a "
18472
"portion of the available space to LVM, <emphasis>\"Guided - use entire and "
18473
"setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the "
18474
"partitions and configure LVM. At this time the only way to configure a "
18475
"system with both LVM and standard partitions, during installation, is to use "
18476
"the Manual approach."
18477
msgstr ""
18478
18479
#: serverguide/C/installation.xml:933(para)
18480
msgid ""
18481
"At the <emphasis>\"Partition Disks</emphasis> screen choose "
18482
"<emphasis>\"Manual\"</emphasis>."
18483
msgstr ""
18484
18485
#: serverguide/C/installation.xml:940(para)
18486
msgid ""
18487
"Select the hard disk and on the next screen choose \"yes\" to "
18488
"<emphasis>\"Create a new empty partition table on this device\"</emphasis>."
18489
msgstr ""
18490
18491
#: serverguide/C/installation.xml:947(para)
18492
msgid ""
18493
"Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, "
18494
"and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
18495
msgstr ""
18496
18497
#: serverguide/C/installation.xml:955(para)
18498
msgid ""
18499
"For the LVM <emphasis>/srv</emphasis>, create a new "
18500
"<emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use "
18501
"as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then "
18502
"<emphasis>\"Done setting up the partition\"</emphasis>."
18503
msgstr ""
18504
18505
#: serverguide/C/installation.xml:963(para)
18506
msgid ""
18507
"Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at "
18508
"the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to "
18509
"disk."
18510
msgstr ""
18511
18512
#: serverguide/C/installation.xml:971(para)
18513
msgid ""
18514
"For the <emphasis>\"LVM configuration action\"</emphasis> on the next "
18515
"screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name "
18516
"for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. "
18517
"After entering a name, select the partition configured for LVM, and choose "
18518
"<emphasis>\"Continue\"</emphasis>."
18519
msgstr ""
18520
18521
#: serverguide/C/installation.xml:980(para)
18522
msgid ""
18523
"Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select "
18524
"<emphasis>\"Create logical volume\"</emphasis>. Select the newly created "
18525
"volume group, and enter a name for the new LV, for example "
18526
"<emphasis>srv</emphasis> since that is the intended mount point. Then choose "
18527
"a size, which may be the full partition because it can always be extended "
18528
"later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the "
18529
"main <emphasis>\"Partition Disks\"</emphasis> screen."
18530
msgstr ""
18531
18532
#: serverguide/C/installation.xml:990(para)
18533
msgid ""
18534
"Now add a filesystem to the new LVM. Select the partition under "
18535
"<emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have "
18536
"chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as "
18537
"normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, "
18538
"select <emphasis>\"Done setting up the partition\"</emphasis>."
18539
msgstr ""
18540
18541
#: serverguide/C/installation.xml:999(para)
18542
msgid ""
18543
"Finally, select <emphasis>\"Finish partitioning and write changes to "
18544
"disk\"</emphasis>. Then confirm the changes and continue with the rest of "
18545
"the installation."
18546
msgstr ""
18547
18548
#: serverguide/C/installation.xml:1007(para)
11639
#: serverguide/C/installation.xml:874(para)
11640
msgid "Logical Volume Manger, or <emphasis>LVM</emphasis>, allows administrators to create <emphasis>logical</emphasis> volumes out of one or multiple physical hard disks. LVM volumes can be created on both software RAID partitions and standard partitions residing on a single disk. Volumes can also be extended, giving greater flexibility to systems as requirements change."
11641
msgstr ""
11642
11643
#: serverguide/C/installation.xml:883(para)
11644
msgid "A side effect of LVM's power and flexibility is a greater degree of complication. Before diving into the LVM installation process, it is best to get familiar with some terms."
11645
msgstr ""
11646
11647
#: serverguide/C/installation.xml:890(para)
11648
msgid "<emphasis>Volume Group (VG):</emphasis> contains one or several Logical Volumes (LV)."
11649
msgstr ""
11650
11651
#: serverguide/C/installation.xml:895(para)
11652
msgid "<emphasis>Logical Volume (LV):</emphasis> is similar to a partition in a non-LVM system. Multiple Physical Volumes (PV) can make up one LV, on top of which resides the actual EXT3, XFS, JFS, etc filesystem."
11653
msgstr ""
11654
11655
#: serverguide/C/installation.xml:901(para)
11656
msgid "<emphasis>Physical Volume (PV):</emphasis> physical hard disk or software RAID partition. The Volume Group can be extended by adding more PVs."
11657
msgstr ""
11658
11659
#: serverguide/C/installation.xml:912(para)
11660
msgid "As an example this section covers installing Ubuntu Server Edition with <filename role=\"directory\">/srv</filename> mounted on a LVM volume. During the initial install only one Physical Volume (PV) will be part of the Volume Group (VG). Another PV will be added after install to demonstrate how a VG can be extended."
11661
msgstr ""
11662
11663
#: serverguide/C/installation.xml:918(para)
11664
msgid "There are several installation options for LVM, <emphasis>\"Guided - use the entire disk and setup LVM\"</emphasis> which will also allow you to assign a portion of the available space to LVM, <emphasis>\"Guided - use entire and setup encrypted LVM\"</emphasis>, or <emphasis>Manually</emphasis> setup the partitions and configure LVM. At this time the only way to configure a system with both LVM and standard partitions, during installation, is to use the Manual approach."
11665
msgstr ""
11666
11667
#: serverguide/C/installation.xml:935(para)
11668
msgid "At the <emphasis>\"Partition Disks</emphasis> screen choose <emphasis>\"Manual\"</emphasis>."
11669
msgstr ""
11670
11671
#: serverguide/C/installation.xml:942(para)
11672
msgid "Select the hard disk and on the next screen choose \"yes\" to <emphasis>\"Create a new empty partition table on this device\"</emphasis>."
11673
msgstr ""
11674
11675
#: serverguide/C/installation.xml:949(para)
11676
msgid "Next, create standard <emphasis>/boot</emphasis>, <emphasis>swap</emphasis>, and <emphasis>/</emphasis> partitions with whichever filesystem you prefer."
11677
msgstr ""
11678
11679
#: serverguide/C/installation.xml:957(para)
11680
msgid "For the LVM <emphasis>/srv</emphasis>, create a new <emphasis>Logical</emphasis> partition. Then change <emphasis>\"Use as\"</emphasis> to <emphasis>\"physical volume for LVM\"</emphasis> then <emphasis>\"Done setting up the partition\"</emphasis>."
11681
msgstr ""
11682
11683
#: serverguide/C/installation.xml:965(para)
11684
msgid "Now select <emphasis>\"Configure the Logical Volume Manager\"</emphasis> at the top, and choose <emphasis>\"Yes\"</emphasis> to write the changes to disk."
11685
msgstr ""
11686
11687
#: serverguide/C/installation.xml:973(para)
11688
msgid "For the <emphasis>\"LVM configuration action\"</emphasis> on the next screen, choose <emphasis>\"Create volume group\"</emphasis>. Enter a name for the VG such as <emphasis>vg01</emphasis>, or something more descriptive. After entering a name, select the partition configured for LVM, and choose <emphasis>\"Continue\"</emphasis>."
11689
msgstr ""
11690
11691
#: serverguide/C/installation.xml:982(para)
11692
msgid "Back at the <emphasis>\"LVM configuration action\"</emphasis> screen, select <emphasis>\"Create logical volume\"</emphasis>. Select the newly created volume group, and enter a name for the new LV, for example <emphasis>srv</emphasis> since that is the intended mount point. Then choose a size, which may be the full partition because it can always be extended later. Choose <emphasis>\"Finish\"</emphasis> and you should be back at the main <emphasis>\"Partition Disks\"</emphasis> screen."
11693
msgstr ""
11694
11695
#: serverguide/C/installation.xml:992(para)
11696
msgid "Now add a filesystem to the new LVM. Select the partition under <emphasis>\"LVM VG vg01, LV srv\"</emphasis>, or whatever name you have chosen, the choose <emphasis>Use as</emphasis>. Setup a file system as normal selecting <emphasis>/srv</emphasis> as the mount point. Once done, select <emphasis>\"Done setting up the partition\"</emphasis>."
11697
msgstr ""
11698
11699
#: serverguide/C/installation.xml:1001(para)
11700
msgid "Finally, select <emphasis>\"Finish partitioning and write changes to disk\"</emphasis>. Then confirm the changes and continue with the rest of the installation."
11701
msgstr ""
11702
11703
#: serverguide/C/installation.xml:1009(para)
18549
11704
msgid "There are some useful utilities to view information about LVM:"
18550
11705
msgstr ""
18551
11706
18552
#: serverguide/C/installation.xml:1012(para)
18553
msgid ""
18554
"<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
18555
msgstr ""
18556
18557
#: serverguide/C/installation.xml:1013(para)
18558
msgid ""
18559
"<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
18560
msgstr ""
18561
18562
11707
#: serverguide/C/installation.xml:1014(para)
18563
msgid ""
18564
"<emphasis>pvdisplay:</emphasis> similarly displays information about "
18565
"Physical Volumes."
18566
msgstr ""
18567
18568
#: serverguide/C/installation.xml:1019(title)
11708
msgid "<emphasis>vgdisplay:</emphasis> shows information about Volume Groups."
11709
msgstr ""
11710
11711
#: serverguide/C/installation.xml:1015(para)
11712
msgid "<emphasis>lvdisplay:</emphasis> has information about Logical Volumes."
11713
msgstr ""
11714
11715
#: serverguide/C/installation.xml:1016(para)
11716
msgid "<emphasis>pvdisplay:</emphasis> similarly displays information about Physical Volumes."
11717
msgstr ""
11718
11719
#: serverguide/C/installation.xml:1021(title)
18569
11720
msgid "Extending Volume Groups"
18570
11721
msgstr ""
18571
11722
18572
#: serverguide/C/installation.xml:1021(para)
18573
msgid ""
18574
"Continuing with <emphasis>srv</emphasis> as an LVM volume example, this "
18575
"section covers adding a second hard disk, creating a Physical Volume (PV), "
18576
"adding it to the volume group (VG), extending the logical volume <filename "
18577
"role=\"directory\">srv</filename> and finally extending the filesystem. This "
18578
"example assumes a second hard disk has been added to the system. This hard "
18579
"disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: "
18580
"make sure you don't already have an existing <filename>/dev/sdb</filename> "
18581
"before issuing the commands below. You could lose some data if you issue "
18582
"those commands on a non-empty disk. In our example we will use the entire "
18583
"disk as a physical volume (you could choose to create partitions and use "
18584
"them as different physical volumes)"
11723
#: serverguide/C/installation.xml:1023(para)
11724
msgid "Continuing with <emphasis>srv</emphasis> as an LVM volume example, this section covers adding a second hard disk, creating a Physical Volume (PV), adding it to the volume group (VG), extending the logical volume <filename role=\"directory\">srv</filename> and finally extending the filesystem. This example assumes a second hard disk has been added to the system. This hard disk will be named <filename>/dev/sdb</filename> in our example. BEWARE: make sure you don't already have an existing <filename>/dev/sdb</filename> before issuing the commands below. You could lose some data if you issue those commands on a non-empty disk. In our example we will use the entire disk as a physical volume (you could choose to create partitions and use them as different physical volumes)"
18585
11725
msgstr ""
18586
11726
18587
#: serverguide/C/installation.xml:1033(para)
11727
#: serverguide/C/installation.xml:1035(para)
18588
11728
msgid "First, create the physical volume, in a terminal execute:"
18589
11729
msgstr ""
18590
11730
18591
#: serverguide/C/installation.xml:1038(command)
11731
#: serverguide/C/installation.xml:1040(command)
18592
11732
msgid "sudo pvcreate /dev/sdb"
18593
11733
msgstr ""
18594
11734
18595
#: serverguide/C/installation.xml:1044(para)
11735
#: serverguide/C/installation.xml:1046(para)
18596
11736
msgid "Now extend the Volume Group (VG):"
18597
11737
msgstr ""
18598
11738
18599
#: serverguide/C/installation.xml:1049(command)
11739
#: serverguide/C/installation.xml:1051(command)
18600
11740
msgid "sudo vgextend vg01 /dev/sdb"
18601
11741
msgstr ""
18602
11742
18603
#: serverguide/C/installation.xml:1055(para)
18604
msgid ""
18605
"Use <application>vgdisplay</application> to find out the free physical "
18606
"extents - Free PE / size (the size you can allocate). We will assume a free "
18607
"size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the "
18608
"whole free space available. Use your own PE and/or free space."
18609
msgstr ""
18610
18611
#: serverguide/C/installation.xml:1061(para)
18612
msgid ""
18613
"The Logical Volume (LV) can now be extended by different methods, we will "
18614
"only see how to use the PE to extend the LV:"
18615
msgstr ""
18616
18617
#: serverguide/C/installation.xml:1066(command)
11743
#: serverguide/C/installation.xml:1057(para)
11744
msgid "Use <application>vgdisplay</application> to find out the free physical extents - Free PE / size (the size you can allocate). We will assume a free size of 511 PE (equivalent to 2GB with a PE size of 4MB) and we will use the whole free space available. Use your own PE and/or free space."
11745
msgstr ""
11746
11747
#: serverguide/C/installation.xml:1063(para)
11748
msgid "The Logical Volume (LV) can now be extended by different methods, we will only see how to use the PE to extend the LV:"
11749
msgstr ""
11750
11751
#: serverguide/C/installation.xml:1068(command)
18618
11752
msgid "sudo lvextend /dev/vg01/srv -l +511"
18619
11753
msgstr ""
18620
11754
18621
#: serverguide/C/installation.xml:1069(para)
18622
msgid ""
18623
"The <emphasis>-l</emphasis> option allows the LV to be extended using PE. "
18624
"The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, "
18625
"Gig, Tera, etc bytes."
18626
msgstr ""
18627
18628
#: serverguide/C/installation.xml:1077(para)
18629
msgid ""
18630
"Even though you are supposed to be able to <emphasis>expand</emphasis> an "
18631
"ext3 or ext4 filesystem without unmounting it first, it may be a good "
18632
"pratice to unmount it anyway and check the filesystem, so that you don't "
18633
"mess up the day you want to reduce a logical volume (in that case unmounting "
18634
"first is compulsory)."
18635
msgstr ""
18636
18637
#: serverguide/C/installation.xml:1083(para)
18638
msgid ""
18639
"The following commands are for an <emphasis>EXT3</emphasis> or "
18640
"<emphasis>EXT4</emphasis> filesystem. If you are using another filesystem "
18641
"there may be other utilities available."
18642
msgstr ""
18643
18644
#: serverguide/C/installation.xml:1090(command)
11755
#: serverguide/C/installation.xml:1071(para)
11756
msgid "The <emphasis>-l</emphasis> option allows the LV to be extended using PE. The <emphasis>-L</emphasis> option allows the LV to be extended using Meg, Gig, Tera, etc bytes."
11757
msgstr ""
11758
11759
#: serverguide/C/installation.xml:1079(para)
11760
msgid "Even though you are supposed to be able to <emphasis>expand</emphasis> an ext3 or ext4 filesystem without unmounting it first, it may be a good pratice to unmount it anyway and check the filesystem, so that you don't mess up the day you want to reduce a logical volume (in that case unmounting first is compulsory)."
11761
msgstr ""
11762
11763
#: serverguide/C/installation.xml:1085(para)
11764
msgid "The following commands are for an <emphasis>EXT3</emphasis> or <emphasis>EXT4</emphasis> filesystem. If you are using another filesystem there may be other utilities available."
11765
msgstr ""
11766
11767
#: serverguide/C/installation.xml:1092(command)
18645
11768
msgid "sudo e2fsck -f /dev/vg01/srv"
18646
11769
msgstr ""
18647
11770
18648
#: serverguide/C/installation.xml:1093(para)
18649
msgid ""
18650
"The <emphasis>-f</emphasis> option of <application>e2fsck</application> "
18651
"forces checking even if the system seems clean."
11771
#: serverguide/C/installation.xml:1095(para)
11772
msgid "The <emphasis>-f</emphasis> option of <application>e2fsck</application> forces checking even if the system seems clean."
18652
11773
msgstr ""
18653
11774
18654
#: serverguide/C/installation.xml:1100(para)
11775
#: serverguide/C/installation.xml:1102(para)
18655
11776
msgid "Finally, resize the filesystem:"
18656
11777
msgstr ""
18657
11778
18658
#: serverguide/C/installation.xml:1105(command)
11779
#: serverguide/C/installation.xml:1107(command)
18659
11780
msgid "sudo resize2fs /dev/vg01/srv"
18660
11781
msgstr ""
18661
11782
18662
#: serverguide/C/installation.xml:1111(para)
11783
#: serverguide/C/installation.xml:1113(para)
18663
11784
msgid "Now mount the partition and check its size."
18664
11785
msgstr ""
18665
11786
18666
#: serverguide/C/installation.xml:1116(command)
11787
#: serverguide/C/installation.xml:1118(command)
18667
11788
msgid "mount /dev/vg01/srv /srv && df -h /srv"
18668
11789
msgstr ""
18669
11790
18670
#: serverguide/C/installation.xml:1128(para)
18671
msgid ""
18672
"See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM "
18673
"HOWTO</ulink> for more information."
18674
msgstr ""
18675
18676
#: serverguide/C/installation.xml:1133(para)
18677
msgid ""
18678
"Another good article is <ulink "
18679
"url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-"
18680
"space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's "
18681
"linuxdevcenter.com site."
18682
msgstr ""
18683
18684
#: serverguide/C/installation.xml:1140(para)
18685
msgid ""
18686
"For more information on <application>fdisk</application> see the <ulink "
18687
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/fdisk.8.html\">fdisk"
18688
" man page</ulink>."
11791
#: serverguide/C/installation.xml:1130(para)
11792
msgid "See the <ulink url=\"http://tldp.org/HOWTO/LVM-HOWTO/index.html\">LVM HOWTO</ulink> for more information."
11793
msgstr ""
11794
11795
#: serverguide/C/installation.xml:1135(para)
11796
msgid "Another good article is <ulink url=\"http://www.linuxdevcenter.com/pub/a/linux/2006/04/27/managing-disk-space-with-lvm.html\">Managing Disk Space with LVM</ulink> on O'Reilly's linuxdevcenter.com site."
11797
msgstr ""
11798
11799
#: serverguide/C/installation.xml:1142(para)
11800
msgid "For more information on <application>fdisk</application> see the <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/fdisk.8.html\">fdisk man page</ulink>."
18689
11801
msgstr ""
18690
11802
18691
11803
#: serverguide/C/file-server.xml:13(title)
18693
11805
msgstr ""
18694
11806
18695
11807
#: serverguide/C/file-server.xml:15(para)
18696
msgid ""
18697
"If you have more than one computer on a single network. At some point you "
18698
"will probably need to share files between them. In this section we cover "
18699
"installing and configuring FTP, NFS, and CUPS."
11808
msgid "If you have more than one computer on a single network. At some point you will probably need to share files between them. In this section we cover installing and configuring FTP, NFS, and CUPS."
18700
11809
msgstr ""
18701
11810
18702
11811
#: serverguide/C/file-server.xml:22(title)
18704
11813
msgstr ""
18705
11814
18706
11815
#: serverguide/C/file-server.xml:24(para)
18707
msgid ""
18708
"File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading "
18709
"files between computers. FTP works on a client/server model. The server "
18710
"component is called an <emphasis>FTP daemon</emphasis>. It continuously "
18711
"listens for FTP requests from remote clients. When a request is received, it "
18712
"manages the login and sets up the connection. For the duration of the "
18713
"session it executes any of commands sent by the FTP client."
11816
msgid "File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading files between computers. FTP works on a client/server model. The server component is called an <emphasis>FTP daemon</emphasis>. It continuously listens for FTP requests from remote clients. When a request is received, it manages the login and sets up the connection. For the duration of the session it executes any of commands sent by the FTP client."
18714
11817
msgstr ""
18715
11818
18716
11819
#: serverguide/C/file-server.xml:33(para)
18726
11829
msgstr ""
18727
11830
18728
11831
#: serverguide/C/file-server.xml:43(para)
18729
msgid ""
18730
"In the Anonymous mode, remote clients can access the FTP server by using the "
18731
"default user account called \"anonymous\" or \"ftp\" and sending an email "
18732
"address as the password. In the Authenticated mode a user must have an "
18733
"account and a password. User access to the FTP server directories and files "
18734
"is dependent on the permissions defined for the account used at login. As a "
18735
"general rule, the FTP daemon will hide the root directory of the FTP server "
18736
"and change it to the FTP Home directory. This hides the rest of the file "
18737
"system from remote sessions."
11832
msgid "In the Anonymous mode, remote clients can access the FTP server by using the default user account called \"anonymous\" or \"ftp\" and sending an email address as the password. In the Authenticated mode a user must have an account and a password. User access to the FTP server directories and files is dependent on the permissions defined for the account used at login. As a general rule, the FTP daemon will hide the root directory of the FTP server and change it to the FTP Home directory. This hides the rest of the file system from remote sessions."
18738
11833
msgstr ""
18739
11834
18740
11835
#: serverguide/C/file-server.xml:55(title)
18742
11837
msgstr ""
18743
11838
18744
11839
#: serverguide/C/file-server.xml:57(para)
18745
msgid ""
18746
"vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, "
18747
"and maintain. To install <application>vsftpd</application> you can run the "
18748
"following command:"
11840
msgid "vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, and maintain. To install <application>vsftpd</application> you can run the following command:"
18749
11841
msgstr ""
18750
11842
18751
11843
#: serverguide/C/file-server.xml:65(command)
18757
11849
msgstr ""
18758
11850
18759
11851
#: serverguide/C/file-server.xml:73(para)
18760
msgid ""
18761
"By default <application>vsftpd</application> is configured to only allow "
18762
"anonymous download. During installation a <emphasis>ftp</emphasis> user is "
18763
"created with a home directory of <filename>/home/ftp</filename>. This is the "
18764
"default FTP directory."
11852
msgid "By default <application>vsftpd</application> is configured to only allow anonymous download. During installation a <emphasis>ftp</emphasis> user is created with a home directory of <filename>/home/ftp</filename>. This is the default FTP directory."
18765
11853
msgstr ""
18766
11854
18767
11855
#: serverguide/C/file-server.xml:80(para)
18768
msgid ""
18769
"If you wish to change this location, to <filename>/srv/ftp</filename> for "
18770
"example, simply create a directory in another location and change the "
18771
"<emphasis>ftp</emphasis> user's home directory:"
11856
msgid "If you wish to change this location, to <filename>/srv/ftp</filename> for example, simply create a directory in another location and change the <emphasis>ftp</emphasis> user's home directory:"
18772
11857
msgstr ""
18773
11858
18774
11859
#: serverguide/C/file-server.xml:87(command)
18788
11873
msgstr ""
18789
11874
18790
11875
#: serverguide/C/file-server.xml:99(para)
18791
msgid ""
18792
"Finally, copy any files and directories you would like to make available "
18793
"through anonymous FTP to <filename>/srv/ftp</filename>."
11876
msgid "Finally, copy any files and directories you would like to make available through anonymous FTP to <filename>/srv/ftp</filename>."
18794
11877
msgstr ""
18795
11878
18796
11879
#: serverguide/C/file-server.xml:106(title)
18798
11881
msgstr ""
18799
11882
18800
11883
#: serverguide/C/file-server.xml:108(para)
18801
msgid ""
18802
"To configure <application>vsftpd</application> to authenticate system users "
18803
"and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
11884
msgid "To configure <application>vsftpd</application> to authenticate system users and allow them to upload files edit <filename>/etc/vsftpd.conf</filename>:"
18804
11885
msgstr ""
18805
11886
18806
11887
#: serverguide/C/file-server.xml:114(programlisting)
18807
11888
#, no-wrap
18808
msgid ""
18809
"\n"
18810
"local_enable=YES\n"
18811
"write_enable=YES\n"
11889
msgid "\nlocal_enable=YES\nwrite_enable=YES\n"
18812
11890
msgstr ""
18813
11891
18814
11892
#: serverguide/C/file-server.xml:119(para)
18816
11894
msgstr ""
18817
11895
18818
11896
#: serverguide/C/file-server.xml:127(para)
18819
msgid ""
18820
"Now when system users login to FTP they will start in their "
18821
"<emphasis>home</emphasis> directories where they can download, upload, "
18822
"create directories, etc."
11897
msgid "Now when system users login to FTP they will start in their <emphasis>home</emphasis> directories where they can download, upload, create directories, etc."
18823
11898
msgstr ""
18824
11899
18825
11900
#: serverguide/C/file-server.xml:133(para)
18826
msgid ""
18827
"Similarly, by default, the anonymous users are not allowed to upload files "
18828
"to FTP server. To change this setting, you should uncomment the following "
18829
"line, and restart <application>vsftpd</application>:"
11901
msgid "Similarly, by default, the anonymous users are not allowed to upload files to FTP server. To change this setting, you should uncomment the following line, and restart <application>vsftpd</application>:"
18830
11902
msgstr ""
18831
11903
18832
11904
#: serverguide/C/file-server.xml:140(programlisting)
18833
11905
#, no-wrap
18834
msgid ""
18835
"\n"
18836
"anon_upload_enable=YES\n"
11906
msgid "\nanon_upload_enable=YES\n"
18837
11907
msgstr ""
18838
11908
18839
11909
#: serverguide/C/file-server.xml:145(para)
18840
msgid ""
18841
"Enabling anonymous FTP upload can be an extreme security risk. It is best to "
18842
"not enable anonymous upload on servers accessed directly from the Internet."
11910
msgid "Enabling anonymous FTP upload can be an extreme security risk. It is best to not enable anonymous upload on servers accessed directly from the Internet."
18843
11911
msgstr ""
18844
11912
18845
11913
#: serverguide/C/file-server.xml:151(para)
18846
msgid ""
18847
"The configuration file consists of many configuration parameters. The "
18848
"information about each parameter is available in the configuration file. "
18849
"Alternatively, you can refer to the man page, <command>man 5 "
18850
"vsftpd.conf</command> for details of each parameter."
11914
msgid "The configuration file consists of many configuration parameters. The information about each parameter is available in the configuration file. Alternatively, you can refer to the man page, <command>man 5 vsftpd.conf</command> for details of each parameter."
18851
11915
msgstr ""
18852
11916
18853
11917
#: serverguide/C/file-server.xml:162(title)
18855
11919
msgstr ""
18856
11920
18857
11921
#: serverguide/C/file-server.xml:164(para)
18858
msgid ""
18859
"There are options in <filename>/etc/vsftpd.conf</filename> to help make "
18860
"<application>vsftpd</application> more secure. For example users can be "
18861
"limited to their home directories by uncommenting:"
11922
msgid "There are options in <filename>/etc/vsftpd.conf</filename> to help make <application>vsftpd</application> more secure. For example users can be limited to their home directories by uncommenting:"
18862
11923
msgstr ""
18863
11924
18864
11925
#: serverguide/C/file-server.xml:170(programlisting)
18865
11926
#, no-wrap
18866
msgid ""
18867
"\n"
18868
"chroot_local_user=YES\n"
11927
msgid "\nchroot_local_user=YES\n"
18869
11928
msgstr ""
18870
11929
18871
11930
#: serverguide/C/file-server.xml:174(para)
18872
msgid ""
18873
"You can also limit a specific list of users to just their home directories:"
11931
msgid "You can also limit a specific list of users to just their home directories:"
18874
11932
msgstr ""
18875
11933
18876
11934
#: serverguide/C/file-server.xml:178(programlisting)
18877
11935
#, no-wrap
18878
msgid ""
18879
"\n"
18880
"chroot_list_enable=YES\n"
18881
"chroot_list_file=/etc/vsftpd.chroot_list\n"
11936
msgid "\nchroot_list_enable=YES\nchroot_list_file=/etc/vsftpd.chroot_list\n"
18882
11937
msgstr ""
18883
11938
18884
11939
#: serverguide/C/file-server.xml:183(para)
18885
msgid ""
18886
"After uncommenting the above options, create a "
18887
"<filename>/etc/vsftpd.chroot_list</filename> containing a list of users one "
18888
"per line. Then restart <application>vsftpd</application>:"
11940
msgid "After uncommenting the above options, create a <filename>/etc/vsftpd.chroot_list</filename> containing a list of users one per line. Then restart <application>vsftpd</application>:"
18889
11941
msgstr ""
18890
11942
18891
11943
#: serverguide/C/file-server.xml:192(para)
18892
msgid ""
18893
"Also, the <filename>/etc/ftpusers</filename> file is a list of users that "
18894
"are <emphasis>disallowed</emphasis> FTP access. The default list includes "
18895
"root, daemon, nobody, etc. To disable FTP access for additional users simply "
18896
"add them to the list."
11944
msgid "Also, the <filename>/etc/ftpusers</filename> file is a list of users that are <emphasis>disallowed</emphasis> FTP access. The default list includes root, daemon, nobody, etc. To disable FTP access for additional users simply add them to the list."
18897
11945
msgstr ""
18898
11946
18899
11947
#: serverguide/C/file-server.xml:199(para)
18900
msgid ""
18901
"FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from "
18902
"<emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure "
18903
"Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an "
18904
"encrypted <emphasis>SSH</emphasis> connection. A major difference is that "
18905
"users of SFTP need to have a <emphasis>shell</emphasis> account on the "
18906
"system, instead of a <emphasis>nologin</emphasis> shell. Providing all users "
18907
"with a shell may not be ideal for some environments, such as a shared web "
18908
"host."
11948
msgid "FTP can also be encrypted using <emphasis>FTPS</emphasis>. Different from <emphasis>SFTP</emphasis>, <emphasis>FTPS</emphasis> is FTP over Secure Socket Layer (SSL). <emphasis>SFTP</emphasis> is a FTP like session over an encrypted <emphasis>SSH</emphasis> connection. A major difference is that users of SFTP need to have a <emphasis>shell</emphasis> account on the system, instead of a <emphasis>nologin</emphasis> shell. Providing all users with a shell may not be ideal for some environments, such as a shared web host."
18909
11949
msgstr ""
18910
11950
18911
11951
#: serverguide/C/file-server.xml:208(para)
18912
msgid ""
18913
"To configure <emphasis>FTPS</emphasis>, edit "
18914
"<filename>/etc/vsftpd.conf</filename> and at the bottom add:"
11952
msgid "To configure <emphasis>FTPS</emphasis>, edit <filename>/etc/vsftpd.conf</filename> and at the bottom add:"
18915
11953
msgstr ""
18916
11954
18917
11955
#: serverguide/C/file-server.xml:212(programlisting)
18918
11956
#, no-wrap
18919
msgid ""
18920
"\n"
18921
"ssl_enable=Yes\n"
11957
msgid "\nssl_enable=Yes\n"
18922
11958
msgstr ""
18923
11959
18924
11960
#: serverguide/C/file-server.xml:216(para)
18927
11963
18928
11964
#: serverguide/C/file-server.xml:220(programlisting)
18929
11965
#, no-wrap
18930
msgid ""
18931
"\n"
18932
"rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\n"
18933
"rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
11966
msgid "\nrsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem\nrsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key\n"
18934
11967
msgstr ""
18935
11968
18936
11969
#: serverguide/C/file-server.xml:225(para)
18937
msgid ""
18938
"By default these options are set the certificate and key provided by the "
18939
"<application>ssl-cert</application> package. In a production environment "
18940
"these should be replaced with a certificate and key generated for the "
18941
"specific host. For more information on certificates see <xref "
18942
"linkend=\"certificates-and-security\"/>."
11970
msgid "By default these options are set the certificate and key provided by the <application>ssl-cert</application> package. In a production environment these should be replaced with a certificate and key generated for the specific host. For more information on certificates see <xref linkend=\"certificates-and-security\"/>."
18943
11971
msgstr ""
18944
11972
18945
11973
#: serverguide/C/file-server.xml:231(para)
18946
msgid ""
18947
"Now restart <application>vsftpd</application>, and non-anonymous users will "
18948
"be forced to use <emphasis>FTPS</emphasis>:"
11974
msgid "Now restart <application>vsftpd</application>, and non-anonymous users will be forced to use <emphasis>FTPS</emphasis>:"
18949
11975
msgstr ""
18950
11976
18951
11977
#: serverguide/C/file-server.xml:240(para)
18952
msgid ""
18953
"To allow users with a shell of <filename>/usr/sbin/nologin</filename> access "
18954
"to FTP, but have no shell access, edit <filename>/etc/shells</filename> "
18955
"adding the <emphasis>nologin</emphasis> shell:"
11978
msgid "To allow users with a shell of <filename>/usr/sbin/nologin</filename> access to FTP, but have no shell access, edit <filename>/etc/shells</filename> adding the <emphasis>nologin</emphasis> shell:"
18956
11979
msgstr ""
18957
11980
18958
11981
#: serverguide/C/file-server.xml:245(programlisting)
18959
11982
#, no-wrap
18960
msgid ""
18961
"\n"
18962
"# /etc/shells: valid login shells\n"
18963
"/bin/csh\n"
18964
"/bin/sh\n"
18965
"/usr/bin/es\n"
18966
"/usr/bin/ksh\n"
18967
"/bin/ksh\n"
18968
"/usr/bin/rc\n"
18969
"/usr/bin/tcsh\n"
18970
"/bin/tcsh\n"
18971
"/usr/bin/esh\n"
18972
"/bin/dash\n"
18973
"/bin/bash\n"
18974
"/bin/rbash\n"
18975
"/usr/bin/screen\n"
18976
"/usr/sbin/nologin\n"
11983
msgid "\n# /etc/shells: valid login shells\n/bin/csh\n/bin/sh\n/usr/bin/es\n/usr/bin/ksh\n/bin/ksh\n/usr/bin/rc\n/usr/bin/tcsh\n/bin/tcsh\n/usr/bin/esh\n/bin/dash\n/bin/bash\n/bin/rbash\n/usr/bin/screen\n/usr/sbin/nologin\n"
18977
11984
msgstr ""
18978
11985
18979
11986
#: serverguide/C/file-server.xml:263(para)
18980
msgid ""
18981
"This is necessary because, by default <application>vsftpd</application> uses "
18982
"PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> "
18983
"configuration file contains:"
11987
msgid "This is necessary because, by default <application>vsftpd</application> uses PAM for authentication, and the <filename>/etc/pam.d/vsftpd</filename> configuration file contains:"
18984
11988
msgstr ""
18985
11989
18986
11990
#: serverguide/C/file-server.xml:268(programlisting)
18987
11991
#, no-wrap
18988
msgid ""
18989
"\n"
18990
"auth required pam_shells.so\n"
11992
msgid "\nauth required pam_shells.so\n"
18991
11993
msgstr ""
18992
11994
18993
11995
#: serverguide/C/file-server.xml:272(para)
18994
msgid ""
18995
"The <emphasis>shells</emphasis> PAM module restricts access to shells listed "
18996
"in the <filename>/etc/shells</filename> file."
11996
msgid "The <emphasis>shells</emphasis> PAM module restricts access to shells listed in the <filename>/etc/shells</filename> file."
18997
11997
msgstr ""
18998
11998
18999
11999
#: serverguide/C/file-server.xml:277(para)
19000
msgid ""
19001
"Most popular FTP clients can be configured connect using FTPS. The "
19002
"<application>lftp</application> command line FTP client has the ability to "
19003
"use FTPS as well."
12000
msgid "Most popular FTP clients can be configured connect using FTPS. The <application>lftp</application> command line FTP client has the ability to use FTPS as well."
19004
12001
msgstr ""
19005
12002
19006
12003
#: serverguide/C/file-server.xml:288(para)
19007
msgid ""
19008
"See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd "
19009
"website</ulink> for more information."
12004
msgid "See the <ulink url=\"http://vsftpd.beasts.org/vsftpd_conf.html\">vsftpd website</ulink> for more information."
19010
12005
msgstr ""
19011
12006
19012
12007
#: serverguide/C/file-server.xml:293(para)
19013
msgid ""
19014
"For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink "
19015
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/vsftpd.conf.5.html\""
19016
">vsftpd.conf man page</ulink>."
12008
msgid "For detailed <filename>/etc/vsftpd.conf</filename> options see the <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/vsftpd.conf.5.html\">vsftpd.conf man page</ulink>."
19017
12009
msgstr ""
19018
12010
19019
12011
#: serverguide/C/file-server.xml:299(para)
19020
msgid ""
19021
"The CodeGurus article <ulink "
19022
"url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c1"
19023
"4329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information "
19024
"contrasting FTPS and SFTP."
12012
msgid "The CodeGurus article <ulink url=\"http://www.codeguru.com/csharp/.net/net_general/internet/article.php/c14329\"> FTPS vs. SFTP: What to Choose</ulink> has useful information contrasting FTPS and SFTP."
19025
12013
msgstr ""
19026
12014
19027
12015
#: serverguide/C/file-server.xml:310(title)
19029
12017
msgstr ""
19030
12018
19031
12019
#: serverguide/C/file-server.xml:311(para)
19032
msgid ""
19033
"NFS allows a system to share directories and files with others over a "
19034
"network. By using NFS, users and programs can access files on remote systems "
19035
"almost as if they were local files."
12020
msgid "NFS allows a system to share directories and files with others over a network. By using NFS, users and programs can access files on remote systems almost as if they were local files."
19036
12021
msgstr ""
19037
12022
19038
12023
#: serverguide/C/file-server.xml:317(para)
19040
12025
msgstr ""
19041
12026
19042
12027
#: serverguide/C/file-server.xml:323(para)
19043
msgid ""
19044
"Local workstations use less disk space because commonly used data can be "
19045
"stored on a single machine and still remain accessible to others over the "
19046
"network."
12028
msgid "Local workstations use less disk space because commonly used data can be stored on a single machine and still remain accessible to others over the network."
19047
12029
msgstr ""
19048
12030
19049
12031
#: serverguide/C/file-server.xml:328(para)
19050
msgid ""
19051
"There is no need for users to have separate home directories on every "
19052
"network machine. Home directories could be set up on the NFS server and made "
19053
"available throughout the network."
12032
msgid "There is no need for users to have separate home directories on every network machine. Home directories could be set up on the NFS server and made available throughout the network."
19054
12033
msgstr ""
19055
12034
19056
12035
#: serverguide/C/file-server.xml:334(para)
19057
msgid ""
19058
"Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can "
19059
"be used by other machines on the network. This may reduce the number of "
19060
"removable media drives throughout the network."
12036
msgid "Storage devices such as floppy disks, CDROM drives, and USB Thumb drives can be used by other machines on the network. This may reduce the number of removable media drives throughout the network."
19061
12037
msgstr ""
19062
12038
19063
12039
#: serverguide/C/file-server.xml:344(para)
19064
msgid ""
19065
"At a terminal prompt enter the following command to install the NFS Server:"
12040
msgid "At a terminal prompt enter the following command to install the NFS Server:"
19066
12041
msgstr ""
19067
12042
19068
12043
#: serverguide/C/file-server.xml:350(command)
19070
12045
msgstr ""
19071
12046
19072
12047
#: serverguide/C/file-server.xml:356(para)
19073
msgid ""
19074
"You can configure the directories to be exported by adding them to the "
19075
"<filename>/etc/exports</filename> file. For example:"
12048
msgid "You can configure the directories to be exported by adding them to the <filename>/etc/exports</filename> file. For example:"
19076
12049
msgstr ""
19077
12050
19078
12051
#: serverguide/C/file-server.xml:361(screen)
19079
12052
#, no-wrap
19080
msgid ""
19081
"\n"
19082
"/ubuntu *(ro,sync,no_root_squash)\n"
19083
"/home *(rw,sync,no_root_squash)\n"
12053
msgid "\n/ubuntu *(ro,sync,no_root_squash)\n/home *(rw,sync,no_root_squash)\n"
19084
12054
msgstr ""
19085
12055
19086
12056
#: serverguide/C/file-server.xml:367(para)
19087
msgid ""
19088
"You can replace * with one of the hostname formats. Make the hostname "
19089
"declaration as specific as possible so unwanted systems cannot access the "
19090
"NFS mount."
12057
msgid "You can replace * with one of the hostname formats. Make the hostname declaration as specific as possible so unwanted systems cannot access the NFS mount."
19091
12058
msgstr ""
19092
12059
19093
12060
#: serverguide/C/file-server.xml:373(para)
19094
msgid ""
19095
"To start the NFS server, you can run the following command at a terminal "
19096
"prompt:"
12061
msgid "To start the NFS server, you can run the following command at a terminal prompt:"
19097
12062
msgstr ""
19098
12063
19099
12064
#: serverguide/C/file-server.xml:378(command)
19105
12070
msgstr ""
19106
12071
19107
12072
#: serverguide/C/file-server.xml:384(para)
19108
msgid ""
19109
"Use the <application>mount</application> command to mount a shared NFS "
19110
"directory from another machine, by typing a command line similar to the "
19111
"following at a terminal prompt:"
12073
msgid "Use the <application>mount</application> command to mount a shared NFS directory from another machine, by typing a command line similar to the following at a terminal prompt:"
19112
12074
msgstr ""
19113
12075
19114
12076
#: serverguide/C/file-server.xml:390(command)
19116
12078
msgstr ""
19117
12079
19118
12080
#: serverguide/C/file-server.xml:394(para)
19119
msgid ""
19120
"The mount point directory <filename>/local/ubuntu</filename> must exist. "
19121
"There should be no files or subdirectories in the "
19122
"<filename>/local/ubuntu</filename> directory."
12081
msgid "The mount point directory <filename>/local/ubuntu</filename> must exist. There should be no files or subdirectories in the <filename>/local/ubuntu</filename> directory."
19123
12082
msgstr ""
19124
12083
19125
12084
#: serverguide/C/file-server.xml:401(para)
19126
msgid ""
19127
"An alternate way to mount an NFS share from another machine is to add a line "
19128
"to the <filename>/etc/fstab</filename> file. The line must state the "
19129
"hostname of the NFS server, the directory on the server being exported, and "
19130
"the directory on the local machine where the NFS share is to be mounted."
12085
msgid "An alternate way to mount an NFS share from another machine is to add a line to the <filename>/etc/fstab</filename> file. The line must state the hostname of the NFS server, the directory on the server being exported, and the directory on the local machine where the NFS share is to be mounted."
19131
12086
msgstr ""
19132
12087
19133
12088
#: serverguide/C/file-server.xml:409(para)
19134
msgid ""
19135
"The general syntax for the line in <filename>/etc/fstab</filename> file is "
19136
"as follows:"
12089
msgid "The general syntax for the line in <filename>/etc/fstab</filename> file is as follows:"
19137
12090
msgstr ""
19138
12091
19139
12092
#: serverguide/C/file-server.xml:415(programlisting)
19140
12093
#, no-wrap
19141
msgid ""
19142
"\n"
19143
"example.hostname.com:/ubuntu /local/ubuntu nfs "
19144
"rsize=8192,wsize=8192,timeo=14,intr\n"
12094
msgid "\nexample.hostname.com:/ubuntu /local/ubuntu nfs rsize=8192,wsize=8192,timeo=14,intr\n"
19145
12095
msgstr ""
19146
12096
19147
12097
#: serverguide/C/file-server.xml:419(para)
19148
msgid ""
19149
"If you have trouble mounting an NFS share, make sure the <application>nfs-"
19150
"common</application> package is installed on your client. To install "
19151
"<application>nfs-common</application> enter the following command at the "
19152
"terminal prompt: <screen>\n"
19153
"<command>sudo apt-get install nfs-common</command>\n"
19154
"</screen>"
12098
msgid "If you have trouble mounting an NFS share, make sure the <application>nfs-common</application> package is installed on your client. To install <application>nfs-common</application> enter the following command at the terminal prompt: <screen>\n<command>sudo apt-get install nfs-common</command>\n</screen>"
19155
12099
msgstr ""
19156
12100
19157
12101
#: serverguide/C/file-server.xml:432(ulink)
19163
12107
msgstr ""
19164
12108
19165
12109
#: serverguide/C/file-server.xml:438(para)
19166
msgid ""
19167
"The primary mechanism for Ubuntu printing and print services is the "
19168
"<emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This "
19169
"printing system is a freely available, portable printing layer which has "
19170
"become the new standard for printing in most Linux distributions."
12110
msgid "The primary mechanism for Ubuntu printing and print services is the <emphasis role=\"bold\">Common UNIX Printing System</emphasis> (CUPS). This printing system is a freely available, portable printing layer which has become the new standard for printing in most Linux distributions."
19171
12111
msgstr ""
19172
12112
19173
12113
#: serverguide/C/file-server.xml:445(para)
19174
msgid ""
19175
"CUPS manages print jobs and queues and provides network printing using the "
19176
"standard Internet Printing Protocol (IPP), while offering support for a very "
19177
"large range of printers, from dot-matrix to laser and many in between. CUPS "
19178
"also supports PostScript Printer Description (PPD) and auto-detection of "
19179
"network printers, and features a simple web-based configuration and "
19180
"administration tool."
12114
msgid "CUPS manages print jobs and queues and provides network printing using the standard Internet Printing Protocol (IPP), while offering support for a very large range of printers, from dot-matrix to laser and many in between. CUPS also supports PostScript Printer Description (PPD) and auto-detection of network printers, and features a simple web-based configuration and administration tool."
19181
12115
msgstr ""
19182
12116
19183
12117
#: serverguide/C/file-server.xml:455(para)
19184
msgid ""
19185
"To install CUPS on your Ubuntu computer, simply use "
19186
"<application>sudo</application> with the <application>apt-get</application> "
19187
"command and give the packages to install as the first parameter. A complete "
19188
"CUPS install has many package dependencies, but they may all be specified on "
19189
"the same command line. Enter the following at a terminal prompt to install "
19190
"CUPS:"
12118
msgid "To install CUPS on your Ubuntu computer, simply use <application>sudo</application> with the <application>apt-get</application> command and give the packages to install as the first parameter. A complete CUPS install has many package dependencies, but they may all be specified on the same command line. Enter the following at a terminal prompt to install CUPS:"
19191
12119
msgstr ""
19192
12120
19193
12121
#: serverguide/C/file-server.xml:460(command)
19195
12123
msgstr ""
19196
12124
19197
12125
#: serverguide/C/file-server.xml:463(para)
19198
msgid ""
19199
"Upon authenticating with your user password, the packages should be "
19200
"downloaded and installed without error. Upon the conclusion of installation, "
19201
"the CUPS server will be started automatically."
12126
msgid "Upon authenticating with your user password, the packages should be downloaded and installed without error. Upon the conclusion of installation, the CUPS server will be started automatically."
19202
12127
msgstr ""
19203
12128
19204
12129
#: serverguide/C/file-server.xml:468(para)
19205
msgid ""
19206
"For troubleshooting purposes, you can access CUPS server errors via the "
19207
"error log file at: <filename>/var/log/cups/error_log</filename>. If the "
19208
"error log does not show enough information to troubleshoot any problems you "
19209
"encounter, the verbosity of the CUPS log can be increased by changing the "
19210
"<emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration "
19211
"file (discussed below) to \"debug\" or even \"debug2\", which logs "
19212
"everything, from the default of \"info\". If you make this change, remember "
19213
"to change it back once you've solved your problem, to prevent the log file "
19214
"from becoming overly large."
12130
msgid "For troubleshooting purposes, you can access CUPS server errors via the error log file at: <filename>/var/log/cups/error_log</filename>. If the error log does not show enough information to troubleshoot any problems you encounter, the verbosity of the CUPS log can be increased by changing the <emphasis role=\"bold\">LogLevel</emphasis> directive in the configuration file (discussed below) to \"debug\" or even \"debug2\", which logs everything, from the default of \"info\". If you make this change, remember to change it back once you've solved your problem, to prevent the log file from becoming overly large."
19215
12131
msgstr ""
19216
12132
19217
12133
#: serverguide/C/file-server.xml:481(para)
19218
msgid ""
19219
"The Common UNIX Printing System server's behavior is configured through the "
19220
"directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. "
19221
"The CUPS configuration file follows the same syntax as the primary "
19222
"configuration file for the Apache HTTP server, so users familiar with "
19223
"editing Apache's configuration file should feel at ease when editing the "
19224
"CUPS configuration file. Some examples of settings you may wish to change "
19225
"initially will be presented here."
12134
msgid "The Common UNIX Printing System server's behavior is configured through the directives contained in the file <filename>/etc/cups/cupsd.conf</filename>. The CUPS configuration file follows the same syntax as the primary configuration file for the Apache HTTP server, so users familiar with editing Apache's configuration file should feel at ease when editing the CUPS configuration file. Some examples of settings you may wish to change initially will be presented here."
19226
12135
msgstr ""
19227
12136
19228
12137
#: serverguide/C/file-server.xml:491(para)
19229
msgid ""
19230
"Prior to editing the configuration file, you should make a copy of the "
19231
"original file and protect it from writing, so you will have the original "
19232
"settings as a reference, and to reuse as necessary."
12138
msgid "Prior to editing the configuration file, you should make a copy of the original file and protect it from writing, so you will have the original settings as a reference, and to reuse as necessary."
19233
12139
msgstr ""
19234
12140
19235
12141
#: serverguide/C/file-server.xml:495(para)
19236
msgid ""
19237
"Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from "
19238
"writing with the following commands, issued at a terminal prompt:"
12142
msgid "Copy the <filename>/etc/cups/cupsd.conf</filename> file and protect it from writing with the following commands, issued at a terminal prompt:"
19239
12143
msgstr ""
19240
12144
19241
12145
#: serverguide/C/file-server.xml:501(command)
19247
12151
msgstr ""
19248
12152
19249
12153
#: serverguide/C/file-server.xml:507(para)
19250
msgid ""
19251
"<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email "
19252
"address of the designated administrator of the CUPS server, simply edit the "
19253
"<filename>/etc/cups/cupsd.conf</filename> configuration file with your "
19254
"preferred text editor, and add or modify the <emphasis "
19255
"role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if "
19256
"you are the Administrator for the CUPS server, and your e-mail address is "
19257
"'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear "
19258
"as such:"
12154
msgid "<emphasis role=\"bold\">ServerAdmin</emphasis>: To configure the email address of the designated administrator of the CUPS server, simply edit the <filename>/etc/cups/cupsd.conf</filename> configuration file with your preferred text editor, and add or modify the <emphasis role=\"italics\">ServerAdmin</emphasis> line accordingly. For example, if you are the Administrator for the CUPS server, and your e-mail address is 'bjoy@somebigco.com', then you would modify the ServerAdmin line to appear as such:"
19259
12155
msgstr ""
19260
12156
19261
12157
#: serverguide/C/file-server.xml:518(screen)
19262
12158
#, no-wrap
19263
msgid ""
19264
"\n"
19265
"ServerAdmin bjoy@somebigco.com\n"
12159
msgid "\nServerAdmin bjoy@somebigco.com\n"
19266
12160
msgstr ""
19267
12161
19268
12162
#: serverguide/C/file-server.xml:524(para)
19269
msgid ""
19270
"<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS "
19271
"server installation listens only on the loopback interface at IP address "
19272
"<emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to "
19273
"listen on an actual network adapter's IP address, you must specify either a "
19274
"hostname, the IP address, or optionally, an IP address/port pairing via the "
19275
"addition of a Listen directive. For example, if your CUPS server resides on "
19276
"a local network at the IP address <emphasis "
19277
"role=\"italics\">192.168.10.250</emphasis> and you'd like to make it "
19278
"accessible to the other systems on this subnetwork, you would edit the "
19279
"<filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as "
19280
"such:"
12163
msgid "<emphasis role=\"bold\">Listen</emphasis>: By default on Ubuntu, the CUPS server installation listens only on the loopback interface at IP address <emphasis>127.0.0.1</emphasis>. In order to instruct the CUPS server to listen on an actual network adapter's IP address, you must specify either a hostname, the IP address, or optionally, an IP address/port pairing via the addition of a Listen directive. For example, if your CUPS server resides on a local network at the IP address <emphasis role=\"italics\">192.168.10.250</emphasis> and you'd like to make it accessible to the other systems on this subnetwork, you would edit the <filename>/etc/cups/cupsd.conf</filename> and add a Listen directive, as such:"
19281
12164
msgstr ""
19282
12165
19283
12166
#: serverguide/C/file-server.xml:538(screen)
19284
12167
#, no-wrap
19285
msgid ""
19286
"\n"
19287
"Listen 127.0.0.1:631 # existing loopback Listen\n"
19288
"Listen /var/run/cups/cups.sock # existing socket Listen\n"
19289
"Listen 192.168.10.250:631 # Listen on the LAN interface, Port 631 "
19290
"(IPP)\n"
12168
msgid "\nListen 127.0.0.1:631 # existing loopback Listen\nListen /var/run/cups/cups.sock # existing socket Listen\nListen 192.168.10.250:631 # Listen on the LAN interface, Port 631 (IPP)\n"
19291
12169
msgstr ""
19292
12170
19293
12171
#: serverguide/C/file-server.xml:544(para)
19294
msgid ""
19295
"In the example above, you may comment out or remove the reference to the "
19296
"Loopback address (127.0.0.1) if you do not wish <application>cupsd "
19297
"</application> to listen on that interface, but would rather have it only "
19298
"listen on the Ethernet interfaces of the Local Area Network (LAN). To enable "
19299
"listening for all network interfaces for which a certain hostname is bound, "
19300
"including the Loopback, you could create a Listen entry for the hostname "
19301
"<emphasis>socrates</emphasis> as such:"
12172
msgid "In the example above, you may comment out or remove the reference to the Loopback address (127.0.0.1) if you do not wish <application>cupsd </application> to listen on that interface, but would rather have it only listen on the Ethernet interfaces of the Local Area Network (LAN). To enable listening for all network interfaces for which a certain hostname is bound, including the Loopback, you could create a Listen entry for the hostname <emphasis>socrates</emphasis> as such:"
19302
12173
msgstr ""
19303
12174
19304
12175
#: serverguide/C/file-server.xml:554(screen)
19305
12176
#, no-wrap
19306
msgid ""
19307
"\n"
19308
"Listen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
12177
msgid "\nListen socrates:631 # Listen on all interfaces for the hostname 'socrates'\n"
19309
12178
msgstr ""
19310
12179
19311
12180
#: serverguide/C/file-server.xml:558(para)
19312
msgid ""
19313
"or by omitting the Listen directive and using <emphasis>Port</emphasis> "
19314
"instead, as in:"
12181
msgid "or by omitting the Listen directive and using <emphasis>Port</emphasis> instead, as in:"
19315
12182
msgstr ""
19316
12183
19317
12184
#: serverguide/C/file-server.xml:560(screen)
19318
12185
#, no-wrap
19319
msgid ""
19320
"\n"
19321
"Port 631 # Listen on port 631 on all interfaces\n"
12186
msgid "\nPort 631 # Listen on port 631 on all interfaces\n"
19322
12187
msgstr ""
19323
12188
19324
12189
#: serverguide/C/file-server.xml:567(para)
19325
msgid ""
19326
"For more examples of configuration directives in the CUPS server "
19327
"configuration file, view the associated system manual page by entering the "
19328
"following command at a terminal prompt:"
12190
msgid "For more examples of configuration directives in the CUPS server configuration file, view the associated system manual page by entering the following command at a terminal prompt:"
19329
12191
msgstr ""
19330
12192
19331
12193
#: serverguide/C/file-server.xml:574(command)
19333
12195
msgstr ""
19334
12196
19335
12197
#: serverguide/C/file-server.xml:578(para)
19336
msgid ""
19337
"Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> "
19338
"configuration file, you'll need to restart the CUPS server by typing the "
19339
"following command at a terminal prompt:"
12198
msgid "Whenever you make changes to the <filename>/etc/cups/cupsd.conf</filename> configuration file, you'll need to restart the CUPS server by typing the following command at a terminal prompt:"
19340
12199
msgstr ""
19341
12200
19342
12201
#: serverguide/C/file-server.xml:584(command)
19348
12207
msgstr ""
19349
12208
19350
12209
#: serverguide/C/file-server.xml:592(para)
19351
msgid ""
19352
"CUPS can be configured and monitored using a web interface, which by default "
19353
"is available at <ulink "
19354
"url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The "
19355
"web interface can be used to perform all printer management tasks."
12210
msgid "CUPS can be configured and monitored using a web interface, which by default is available at <ulink url=\"http://localhost:631/admin\">http://localhost:631/admin</ulink>. The web interface can be used to perform all printer management tasks."
19356
12211
msgstr ""
19357
12212
19358
12213
#: serverguide/C/file-server.xml:596(para)
19359
msgid ""
19360
"In order to perform administrative tasks via the web interface, you must "
19361
"either have the root account enabled on your server, or authenticate as a "
19362
"user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security "
19363
"reasons, CUPS won't authenticate a user that doesn't have a password."
12214
msgid "In order to perform administrative tasks via the web interface, you must either have the root account enabled on your server, or authenticate as a user in the <emphasis role=\"italic\">lpadmin</emphasis> group. For security reasons, CUPS won't authenticate a user that doesn't have a password."
19364
12215
msgstr ""
19365
12216
19366
12217
#: serverguide/C/file-server.xml:599(para)
19367
msgid ""
19368
"To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run "
19369
"at the terminal prompt: <screen>\n"
19370
"<command>sudo usermod -aG lpadmin username</command>\n"
19371
"</screen>"
12218
msgid "To add a user to the <emphasis role=\"italic\">lpadmin</emphasis> group, run at the terminal prompt: <screen>\n<command>sudo usermod -aG lpadmin username</command>\n</screen>"
19372
12219
msgstr ""
19373
12220
19374
12221
#: serverguide/C/file-server.xml:605(para)
19375
msgid ""
19376
"Further documentation is available in the <emphasis "
19377
"role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
12222
msgid "Further documentation is available in the <emphasis role=\"italic\">Documentation/Help</emphasis> tab of the web interface."
19378
12223
msgstr ""
19379
12224
19380
12225
#: serverguide/C/file-server.xml:613(ulink)
19386
12231
msgstr ""
19387
12232
19388
12233
#: serverguide/C/dns.xml:14(para)
19389
msgid ""
19390
"Domain Name Service (DNS) is an Internet service that maps IP addresses and "
19391
"fully qualified domain names (FQDN) to one another. In this way, DNS "
19392
"alleviates the need to remember IP addresses. Computers that run DNS are "
19393
"called <emphasis>name servers</emphasis>. Ubuntu ships with "
19394
"<application>BIND</application> (Berkley Internet Naming Daemon), the most "
19395
"common program used for maintaining a name server on Linux."
12234
msgid "Domain Name Service (DNS) is an Internet service that maps IP addresses and fully qualified domain names (FQDN) to one another. In this way, DNS alleviates the need to remember IP addresses. Computers that run DNS are called <emphasis>name servers</emphasis>. Ubuntu ships with <application>BIND</application> (Berkley Internet Naming Daemon), the most common program used for maintaining a name server on Linux."
19396
12235
msgstr ""
19397
12236
19398
12237
#: serverguide/C/dns.xml:24(para)
19399
msgid ""
19400
"At a terminal prompt, enter the following command to install "
19401
"<application>dns</application>:"
12238
msgid "At a terminal prompt, enter the following command to install <application>dns</application>:"
19402
12239
msgstr ""
19403
12240
19404
12241
#: serverguide/C/dns.xml:28(command)
19406
12243
msgstr ""
19407
12244
19408
12245
#: serverguide/C/dns.xml:30(para)
19409
msgid ""
19410
"A very useful package for testing and troubleshooting DNS issues is the "
19411
"dnsutils package. To install <application>dnsutils</application> enter the "
19412
"following:"
12246
msgid "A very useful package for testing and troubleshooting DNS issues is the dnsutils package. To install <application>dnsutils</application> enter the following:"
19413
12247
msgstr ""
19414
12248
19415
12249
#: serverguide/C/dns.xml:35(command)
19417
12251
msgstr ""
19418
12252
19419
12253
#: serverguide/C/dns.xml:40(para)
19420
msgid ""
19421
"There a many ways to configure <application>BIND9</application>. Some of the "
19422
"most common configurations are a caching nameserver, primary master, and a "
19423
"as a secondary master."
12254
msgid "There a many ways to configure <application>BIND9</application>. Some of the most common configurations are a caching nameserver, primary master, and a as a secondary master."
19424
12255
msgstr ""
19425
12256
19426
12257
#: serverguide/C/dns.xml:46(para)
19427
msgid ""
19428
"When configured as a caching nameserver BIND9 will find the answer to name "
19429
"queries and remember the answer when the domain is queried again."
12258
msgid "When configured as a caching nameserver BIND9 will find the answer to name queries and remember the answer when the domain is queried again."
19430
12259
msgstr ""
19431
12260
19432
12261
#: serverguide/C/dns.xml:52(para)
19433
msgid ""
19434
"As a primary master server BIND9 reads the data for a zone from a file on "
19435
"it's host and is authoritative for that zone."
12262
msgid "As a primary master server BIND9 reads the data for a zone from a file on it's host and is authoritative for that zone."
19436
12263
msgstr ""
19437
12264
19438
12265
#: serverguide/C/dns.xml:57(para)
19439
msgid ""
19440
"In a secondary master configuration BIND9 gets the zone data from another "
19441
"nameserver authoritative for the zone."
12266
msgid "In a secondary master configuration BIND9 gets the zone data from another nameserver authoritative for the zone."
19442
12267
msgstr ""
19443
12268
19444
12269
#: serverguide/C/dns.xml:65(para)
19445
msgid ""
19446
"The DNS configuration files are stored in the <filename>/etc/bind</filename> "
19447
"directory. The primary configuration file is "
19448
"<filename>/etc/bind/named.conf</filename>."
12270
msgid "The DNS configuration files are stored in the <filename>/etc/bind</filename> directory. The primary configuration file is <filename>/etc/bind/named.conf</filename>."
19449
12271
msgstr ""
19450
12272
19451
12273
#: serverguide/C/dns.xml:72(para)
19452
msgid ""
19453
"The <emphasis>include</emphasis> line specifies the filename which contains "
19454
"the DNS options. The <emphasis>directory</emphasis> line in the "
19455
"<filename>/etc/bind/named.conf.options</filename> file tells DNS where to "
19456
"look for files. All files BIND uses will be relative to this directory."
12274
msgid "The <emphasis>include</emphasis> line specifies the filename which contains the DNS options. The <emphasis>directory</emphasis> line in the <filename>/etc/bind/named.conf.options</filename> file tells DNS where to look for files. All files BIND uses will be relative to this directory."
19457
12275
msgstr ""
19458
12276
19459
12277
#: serverguide/C/dns.xml:80(para)
19460
msgid ""
19461
"The file named <filename>/etc/bind/db.root</filename> describes the root "
19462
"nameservers in the world. The servers change over time, so the "
19463
"<filename>/etc/bind/db.root</filename> file must be maintained now and then. "
19464
"This is usually done as updates to the <application>bind9</application> "
19465
"package. The <emphasis>zone</emphasis> section defines a master server, and "
19466
"it is stored in a file mentioned in the <emphasis>file</emphasis> option."
12278
msgid "The file named <filename>/etc/bind/db.root</filename> describes the root nameservers in the world. The servers change over time, so the <filename>/etc/bind/db.root</filename> file must be maintained now and then. This is usually done as updates to the <application>bind9</application> package. The <emphasis>zone</emphasis> section defines a master server, and it is stored in a file mentioned in the <emphasis>file</emphasis> option."
19467
12279
msgstr ""
19468
12280
19469
12281
#: serverguide/C/dns.xml:90(para)
19470
msgid ""
19471
"It is possible to configure the same server to be a caching name server, "
19472
"primary master, and secondary master. A server can be the Start of Authority "
19473
"(SOA) for one zone, while providing secondary service for another zone. All "
19474
"the while providing caching services for hosts on the local LAN."
12282
msgid "It is possible to configure the same server to be a caching name server, primary master, and secondary master. A server can be the Start of Authority (SOA) for one zone, while providing secondary service for another zone. All the while providing caching services for hosts on the local LAN."
19475
12283
msgstr ""
19476
12284
19477
12285
#: serverguide/C/dns.xml:98(title)
19479
12287
msgstr ""
19480
12288
19481
12289
#: serverguide/C/dns.xml:99(para)
19482
msgid ""
19483
"The default configuration is setup to act as a caching server. All that is "
19484
"required is simply adding the IP Addresses of your ISP's DNS servers. Simply "
19485
"uncomment and edit the following in "
19486
"<filename>/etc/bind/named.conf.options</filename>:"
12290
msgid "The default configuration is setup to act as a caching server. All that is required is simply adding the IP Addresses of your ISP's DNS servers. Simply uncomment and edit the following in <filename>/etc/bind/named.conf.options</filename>:"
19487
12291
msgstr ""
19488
12292
19489
12293
#: serverguide/C/dns.xml:103(programlisting)
19490
12294
#, no-wrap
19491
msgid ""
19492
"\n"
19493
"forwarders {\n"
19494
" 1.2.3.4;\n"
19495
" 5.6.7.8;\n"
19496
" };\n"
12295
msgid "\nforwarders {\n 1.2.3.4;\n 5.6.7.8;\n };\n"
19497
12296
msgstr ""
19498
12297
19499
12298
#: serverguide/C/dns.xml:110(para)
19500
msgid ""
19501
"Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with "
19502
"the IP Adresses of actual nameservers."
12299
msgid "Replace <emphasis>1.2.3.4</emphasis> and <emphasis>5.6.7.8</emphasis> with the IP Adresses of actual nameservers."
19503
12300
msgstr ""
19504
12301
19505
12302
#: serverguide/C/dns.xml:114(para)
19506
msgid ""
19507
"Now restart the DNS server, to enable the new configuration. From a terminal "
19508
"prompt:"
12303
msgid "Now restart the DNS server, to enable the new configuration. From a terminal prompt:"
19509
12304
msgstr ""
19510
12305
19511
12306
#: serverguide/C/dns.xml:118(command) serverguide/C/dns.xml:194(command) serverguide/C/dns.xml:253(command) serverguide/C/dns.xml:312(command) serverguide/C/dns.xml:561(command)
19513
12308
msgstr ""
19514
12309
19515
12310
#: serverguide/C/dns.xml:120(para)
19516
msgid ""
19517
"See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching "
19518
"DNS server."
12311
msgid "See <xref linkend=\"dns-testing-dig\"/> for information on testing a caching DNS server."
19519
12312
msgstr ""
19520
12313
19521
12314
#: serverguide/C/dns.xml:125(title)
19523
12316
msgstr ""
19524
12317
19525
12318
#: serverguide/C/dns.xml:126(para)
19526
msgid ""
19527
"In this section <application>BIND9</application> will be configured as the "
19528
"Primary Master for the domain <emphasis>example.com</emphasis>. Simply "
19529
"replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN "
19530
"(Fully Qualified Domain Name)."
12319
msgid "In this section <application>BIND9</application> will be configured as the Primary Master for the domain <emphasis>example.com</emphasis>. Simply replace <emphasis role=\"italic\">example.com</emphasis> with your FQDN (Fully Qualified Domain Name)."
19531
12320
msgstr ""
19532
12321
19533
12322
#: serverguide/C/dns.xml:132(title)
19535
12324
msgstr ""
19536
12325
19537
12326
#: serverguide/C/dns.xml:133(para)
19538
msgid ""
19539
"To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the "
19540
"first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
12327
msgid "To add a DNS zone to BIND9, turning BIND9 into a Primary Master server, the first step is to edit <filename>/etc/bind/named.conf.local</filename>:"
19541
12328
msgstr ""
19542
12329
19543
12330
#: serverguide/C/dns.xml:137(programlisting)
19544
12331
#, no-wrap
19545
msgid ""
19546
"\n"
19547
"zone \"example.com\" {\n"
19548
"\ttype master;\n"
19549
" file \"/etc/bind/db.example.com\";\n"
19550
"};\n"
12332
msgid "\nzone \"example.com\" {\n\ttype master;\n file \"/etc/bind/db.example.com\";\n};\n"
19551
12333
msgstr ""
19552
12334
19553
12335
#: serverguide/C/dns.xml:143(para)
19554
msgid ""
19555
"Now use an existing zone file as a template to create the "
19556
"<filename>/etc/bind/db.example.com</filename> file:"
12336
msgid "Now use an existing zone file as a template to create the <filename>/etc/bind/db.example.com</filename> file:"
19557
12337
msgstr ""
19558
12338
19559
12339
#: serverguide/C/dns.xml:147(command)
19561
12341
msgstr ""
19562
12342
19563
12343
#: serverguide/C/dns.xml:149(para)
19564
msgid ""
19565
"Edit the new zone file <filename>/etc/bind/db.example.com</filename> change "
19566
"<emphasis>localhost.</emphasis> to the FQDN of your server, leaving the "
19567
"additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the "
19568
"nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid "
19569
"email address, but with a \".\" instead of the usual \"@\" symbol, again "
19570
"leaving the \".\" at the end."
12344
msgid "Edit the new zone file <filename>/etc/bind/db.example.com</filename> change <emphasis>localhost.</emphasis> to the FQDN of your server, leaving the additional \".\" at the end. Change <emphasis>127.0.0.1</emphasis> to the nameserver's IP Address and <emphasis>root.localhost</emphasis> to a valid email address, but with a \".\" instead of the usual \"@\" symbol, again leaving the \".\" at the end."
19571
12345
msgstr ""
19572
12346
19573
12347
#: serverguide/C/dns.xml:155(para)
19574
msgid ""
19575
"Also, create an <emphasis>A record</emphasis> for <emphasis "
19576
"role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
12348
msgid "Also, create an <emphasis>A record</emphasis> for <emphasis role=\"italic\">ns.example.com</emphasis>. The name server in this example:"
19577
12349
msgstr ""
19578
12350
19579
12351
#: serverguide/C/dns.xml:159(programlisting)
19580
12352
#, no-wrap
19581
msgid ""
19582
"\n"
19583
";\n"
19584
"; BIND data file for local loopback interface\n"
19585
";\n"
19586
"$TTL 604800\n"
19587
"@ IN SOA ns.example.com. root.example.com. (\n"
19588
" 2 ; Serial\n"
19589
" 604800 ; Refresh\n"
19590
" 86400 ; Retry\n"
19591
" 2419200 ; Expire\n"
19592
" 604800 ) ; Negative Cache TTL\n"
19593
";\n"
19594
"@ IN NS ns.example.com.\n"
19595
"@ IN A 127.0.0.1\n"
19596
"@ IN AAAA ::1\n"
19597
"ns IN A 192.168.1.10\n"
12353
msgid "\n;\n; BIND data file for local loopback interface\n;\n$TTL 604800\n@ IN SOA ns.example.com. root.example.com. (\n 2 ; Serial\n 604800 ; Refresh\n 86400 ; Retry\n 2419200 ; Expire\n 604800 ) ; Negative Cache TTL\n;\n@ IN NS ns.example.com.\n@ IN A 127.0.0.1\n@ IN AAAA ::1\nns IN A 192.168.1.10\n"
19598
12354
msgstr ""
19599
12355
19600
12356
#: serverguide/C/dns.xml:176(para)
19601
msgid ""
19602
"You must increment the <emphasis>Serial Number</emphasis> every time you "
19603
"make changes to the zone file. If you make multiple changes before "
19604
"restarting BIND9, simply increment the Serial once."
12357
msgid "You must increment the <emphasis>Serial Number</emphasis> every time you make changes to the zone file. If you make multiple changes before restarting BIND9, simply increment the Serial once."
19605
12358
msgstr ""
19606
12359
19607
12360
#: serverguide/C/dns.xml:180(para)
19608
msgid ""
19609
"Now, you can add DNS records to the bottom of the zone file. See <xref "
19610
"linkend=\"dns-record-types\"/> for details."
12361
msgid "Now, you can add DNS records to the bottom of the zone file. See <xref linkend=\"dns-record-types\"/> for details."
19611
12362
msgstr ""
19612
12363
19613
12364
#: serverguide/C/dns.xml:184(para)
19614
msgid ""
19615
"Many admins like to use the last date edited as the serial of a zone, such "
19616
"as <emphasis>2007010100</emphasis> which is yyyymmddss (where "
19617
"<emphasis>ss</emphasis> is the Serial Number)"
12365
msgid "Many admins like to use the last date edited as the serial of a zone, such as <emphasis>2007010100</emphasis> which is yyyymmddss (where <emphasis>ss</emphasis> is the Serial Number)"
19618
12366
msgstr ""
19619
12367
19620
12368
#: serverguide/C/dns.xml:189(para)
19621
msgid ""
19622
"Once you have made a change to the zone file "
19623
"<application>BIND9</application> will need to be restarted for the changes "
19624
"to take effect:"
12369
msgid "Once you have made a change to the zone file <application>BIND9</application> will need to be restarted for the changes to take effect:"
19625
12370
msgstr ""
19626
12371
19627
12372
#: serverguide/C/dns.xml:198(title)
19629
12374
msgstr ""
19630
12375
19631
12376
#: serverguide/C/dns.xml:199(para)
19632
msgid ""
19633
"Now that the zone is setup and resolving names to IP Adresses a "
19634
"<emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows "
19635
"DNS to resolve an address to a name."
12377
msgid "Now that the zone is setup and resolving names to IP Adresses a <emphasis>Reverse zone</emphasis> is also required. A Reverse zone allows DNS to resolve an address to a name."
19636
12378
msgstr ""
19637
12379
19638
12380
#: serverguide/C/dns.xml:203(para)
19641
12383
19642
12384
#: serverguide/C/dns.xml:206(programlisting)
19643
12385
#, no-wrap
19644
msgid ""
19645
"\n"
19646
"zone \"1.168.192.in-addr.arpa\" {\n"
19647
" type master;\n"
19648
" notify no;\n"
19649
" file \"/etc/bind/db.192\";\n"
19650
"};\n"
12386
msgid "\nzone \"1.168.192.in-addr.arpa\" {\n type master;\n notify no;\n file \"/etc/bind/db.192\";\n};\n"
19651
12387
msgstr ""
19652
12388
19653
12389
#: serverguide/C/dns.xml:214(para)
19654
msgid ""
19655
"Replace <emphasis>1.168.192</emphasis> with the first three octets of "
19656
"whatever network you are using. Also, name the zone file "
19657
"<filename>/etc/bind/db.192</filename> appropriately. It should match the "
19658
"first octet of your network."
12390
msgid "Replace <emphasis>1.168.192</emphasis> with the first three octets of whatever network you are using. Also, name the zone file <filename>/etc/bind/db.192</filename> appropriately. It should match the first octet of your network."
19659
12391
msgstr ""
19660
12392
19661
12393
#: serverguide/C/dns.xml:219(para)
19667
12399
msgstr ""
19668
12400
19669
12401
#: serverguide/C/dns.xml:225(para)
19670
msgid ""
19671
"Next edit <filename>/etc/bind/db.192</filename> changing the basically the "
19672
"same options as <filename>/etc/bind/db.example.com</filename>:"
12402
msgid "Next edit <filename>/etc/bind/db.192</filename> changing the basically the same options as <filename>/etc/bind/db.example.com</filename>:"
19673
12403
msgstr ""
19674
12404
19675
12405
#: serverguide/C/dns.xml:229(programlisting)
19676
12406
#, no-wrap
19677
msgid ""
19678
"\n"
19679
";\n"
19680
"; BIND reverse data file for local loopback interface\n"
19681
";\n"
19682
"$TTL 604800\n"
19683
"@ IN SOA ns.example.com. root.example.com. (\n"
19684
" 2 ; Serial\n"
19685
" 604800 ; Refresh\n"
19686
" 86400 ; Retry\n"
19687
" 2419200 ; Expire\n"
19688
" 604800 ) ; Negative Cache TTL\n"
19689
";\n"
19690
"@ IN NS ns.\n"
19691
"10 IN PTR ns.example.com.\n"
12407
msgid "\n;\n; BIND reverse data file for local loopback interface\n;\n$TTL 604800\n@ IN SOA ns.example.com. root.example.com. (\n 2 ; Serial\n 604800 ; Refresh\n 86400 ; Retry\n 2419200 ; Expire\n 604800 ) ; Negative Cache TTL\n;\n@ IN NS ns.\n10 IN PTR ns.example.com.\n"
19692
12408
msgstr ""
19693
12409
19694
12410
#: serverguide/C/dns.xml:244(para)
19695
msgid ""
19696
"The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be "
19697
"incremented on each changes as well. For each <emphasis>A record</emphasis> "
19698
"you configure in <filename>/etc/bind/db.example.com</filename> you need to "
19699
"create a <emphasis>PTR record</emphasis> in "
19700
"<filename>/etc/bind/db.192</filename>."
12411
msgid "The <emphasis>Serial Number</emphasis> in the Reverse zone needs to be incremented on each changes as well. For each <emphasis>A record</emphasis> you configure in <filename>/etc/bind/db.example.com</filename> you need to create a <emphasis>PTR record</emphasis> in <filename>/etc/bind/db.192</filename>."
19701
12412
msgstr ""
19702
12413
19703
12414
#: serverguide/C/dns.xml:249(para)
19704
msgid ""
19705
"After creating the reverse zone file restart "
19706
"<application>BIND9</application>:"
12415
msgid "After creating the reverse zone file restart <application>BIND9</application>:"
19707
12416
msgstr ""
19708
12417
19709
12418
#: serverguide/C/dns.xml:258(title)
19711
12420
msgstr ""
19712
12421
19713
12422
#: serverguide/C/dns.xml:259(para)
19714
msgid ""
19715
"Once a <emphasis>Primary Master</emphasis> has been configured a "
19716
"<emphasis>Secondary Master</emphasis> is needed in order to maintain the "
19717
"availability of the domain should the Primary become unavailable."
12423
msgid "Once a <emphasis>Primary Master</emphasis> has been configured a <emphasis>Secondary Master</emphasis> is needed in order to maintain the availability of the domain should the Primary become unavailable."
19718
12424
msgstr ""
19719
12425
19720
12426
#: serverguide/C/dns.xml:263(para)
19721
msgid ""
19722
"First, on the Primary Master server, the zone transfer needs to be allowed. "
19723
"Add the <emphasis>allow-transfer</emphasis> option to the example Forward "
19724
"and Reverse zone definitions in "
19725
"<filename>/etc/bind/named.conf.local</filename>:"
12427
msgid "First, on the Primary Master server, the zone transfer needs to be allowed. Add the <emphasis>allow-transfer</emphasis> option to the example Forward and Reverse zone definitions in <filename>/etc/bind/named.conf.local</filename>:"
19726
12428
msgstr ""
19727
12429
19728
12430
#: serverguide/C/dns.xml:267(programlisting)
19729
12431
#, no-wrap
19730
msgid ""
19731
"\n"
19732
"zone \"example.com\" {\n"
19733
" type master;\n"
19734
"\tfile \"/etc/bind/db.example.com\";\n"
19735
" allow-transfer { 192.168.1.11; };\n"
19736
"};\n"
19737
"\n"
19738
"zone \"1.168.192.in-addr.arpa\" {\n"
19739
" type master;\n"
19740
" notify no;\n"
19741
" file \"/etc/bind/db.192\";\n"
19742
"\tallow-transfer { 192.168.1.11; };\n"
19743
"};\n"
12432
msgid "\nzone \"example.com\" {\n type master;\n\tfile \"/etc/bind/db.example.com\";\n allow-transfer { 192.168.1.11; };\n};\n\nzone \"1.168.192.in-addr.arpa\" {\n type master;\n notify no;\n file \"/etc/bind/db.192\";\n\tallow-transfer { 192.168.1.11; };\n};\n"
19744
12433
msgstr ""
19745
12434
19746
12435
#: serverguide/C/dns.xml:282(para)
19747
msgid ""
19748
"Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your "
19749
"Secondary nameserver."
12436
msgid "Replace <emphasis>192.168.1.11</emphasis> with the IP Address of your Secondary nameserver."
19750
12437
msgstr ""
19751
12438
19752
12439
#: serverguide/C/dns.xml:286(para)
19753
msgid ""
19754
"Next, on the Secondary Master, install the <application>bind9</application> "
19755
"package the same way as on the Primary. Then edit the "
19756
"<filename>/etc/bind/named.conf.local</filename> and add the following "
19757
"declarations for the Forward and Reverse zones:"
12440
msgid "Next, on the Secondary Master, install the <application>bind9</application> package the same way as on the Primary. Then edit the <filename>/etc/bind/named.conf.local</filename> and add the following declarations for the Forward and Reverse zones:"
19758
12441
msgstr ""
19759
12442
19760
12443
#: serverguide/C/dns.xml:290(programlisting)
19761
12444
#, no-wrap
19762
msgid ""
19763
"\n"
19764
"zone \"example.com\" {\n"
19765
"\ttype slave;\n"
19766
" file \"/var/cache/bind/db.example.com\";\n"
19767
" masters { 192.168.1.10; };\n"
19768
"}; \n"
19769
" \n"
19770
"zone \"1.168.192.in-addr.arpa\" {\n"
19771
"\ttype slave;\n"
19772
" file \"/var/cache/bind/db.192\";\n"
19773
" masters { 192.168.1.10; };\n"
19774
"};\n"
12445
msgid "\nzone \"example.com\" {\n\ttype slave;\n file \"/var/cache/bind/db.example.com\";\n masters { 192.168.1.10; };\n}; \n \nzone \"1.168.192.in-addr.arpa\" {\n\ttype slave;\n file \"/var/cache/bind/db.192\";\n masters { 192.168.1.10; };\n};\n"
19775
12446
msgstr ""
19776
12447
19777
12448
#: serverguide/C/dns.xml:304(para)
19778
msgid ""
19779
"Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your "
19780
"Primary nameserver."
12449
msgid "Replace <emphasis>192.168.1.10</emphasis> with the IP Address of your Primary nameserver."
19781
12450
msgstr ""
19782
12451
19783
12452
#: serverguide/C/dns.xml:308(para)
19785
12454
msgstr ""
19786
12455
19787
12456
#: serverguide/C/dns.xml:314(para)
19788
msgid ""
19789
"In <filename>/var/log/syslog</filename> you should see something similar to:"
12457
msgid "In <filename>/var/log/syslog</filename> you should see something similar to:"
19790
12458
msgstr ""
19791
12459
19792
12460
#: serverguide/C/dns.xml:317(programlisting)
19793
12461
#, no-wrap
19794
msgid ""
19795
"\n"
19796
"slave zone \"example.com\" (IN) loaded (serial 6)\n"
19797
"slave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
12462
msgid "\nslave zone \"example.com\" (IN) loaded (serial 6)\nslave zone \"100.18.172.in-addr.arpa\" (IN) loaded (serial 3)\n"
19798
12463
msgstr ""
19799
12464
19800
12465
#: serverguide/C/dns.xml:322(para)
19801
msgid ""
19802
"Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> "
19803
"on the Primary is larger than the one on the Secondary."
12466
msgid "Note: A zone is only transferred if the <emphasis>Serial Number</emphasis> on the Primary is larger than the one on the Secondary."
19804
12467
msgstr ""
19805
12468
19806
12469
#: serverguide/C/dns.xml:328(para)
19807
msgid ""
19808
"The default directory for non-authoritative zone files is "
19809
"<filename>/var/cache/bind/</filename>. This directory is also configured in "
19810
"<application>AppArmor</application> to allow the "
19811
"<application>named</application> daemon to write to. For more information on "
19812
"AppArmor see <xref linkend=\"apparmor\"/>."
12470
msgid "The default directory for non-authoritative zone files is <filename>/var/cache/bind/</filename>. This directory is also configured in <application>AppArmor</application> to allow the <application>named</application> daemon to write to. For more information on AppArmor see <xref linkend=\"apparmor\"/>."
19813
12471
msgstr ""
19814
12472
19815
12473
#: serverguide/C/dns.xml:339(para)
19816
msgid ""
19817
"This section covers ways to help determine the cause when problems happen "
19818
"with DNS and <application>BIND9</application>."
12474
msgid "This section covers ways to help determine the cause when problems happen with DNS and <application>BIND9</application>."
19819
12475
msgstr ""
19820
12476
19821
12477
#: serverguide/C/dns.xml:345(title)
19823
12479
msgstr ""
19824
12480
19825
12481
#: serverguide/C/dns.xml:346(para)
19826
msgid ""
19827
"The first step in testing <application>BIND9</application> is to add the "
19828
"nameserver's IP Address to a hosts resolver. The Primary nameserver should "
19829
"be configured as well as another host to double check things. Simply edit "
19830
"<filename>/etc/resolv.conf</filename> and add the following:"
12482
msgid "The first step in testing <application>BIND9</application> is to add the nameserver's IP Address to a hosts resolver. The Primary nameserver should be configured as well as another host to double check things. Simply edit <filename>/etc/resolv.conf</filename> and add the following:"
19831
12483
msgstr ""
19832
12484
19833
12485
#: serverguide/C/dns.xml:351(programlisting)
19834
12486
#, no-wrap
19835
msgid ""
19836
"\n"
19837
"nameserver\t192.168.1.10\n"
19838
"nameserver\t192.168.1.11\n"
12487
msgid "\nnameserver\t192.168.1.10\nnameserver\t192.168.1.11\n"
19839
12488
msgstr ""
19840
12489
19841
12490
#: serverguide/C/dns.xml:356(para)
19842
msgid ""
19843
"You should also add the IP Address of the Secondary nameserver in case the "
19844
"Primary becomes unavailable."
12491
msgid "You should also add the IP Address of the Secondary nameserver in case the Primary becomes unavailable."
19845
12492
msgstr ""
19846
12493
19847
12494
#: serverguide/C/dns.xml:362(title)
19849
12496
msgstr ""
19850
12497
19851
12498
#: serverguide/C/dns.xml:363(para)
19852
msgid ""
19853
"If you installed the <application>dnsutils</application> package you can "
19854
"test your setup using the DNS lookup utility <application>dig</application>:"
12499
msgid "If you installed the <application>dnsutils</application> package you can test your setup using the DNS lookup utility <application>dig</application>:"
19855
12500
msgstr ""
19856
12501
19857
12502
#: serverguide/C/dns.xml:369(para)
19858
msgid ""
19859
"After installing <application>BIND9</application> use "
19860
"<application>dig</application> against the loopback interface to make sure "
19861
"it is listening on port 53. From a terminal prompt:"
12503
msgid "After installing <application>BIND9</application> use <application>dig</application> against the loopback interface to make sure it is listening on port 53. From a terminal prompt:"
19862
12504
msgstr ""
19863
12505
19864
12506
#: serverguide/C/dns.xml:374(command)
19871
12513
19872
12514
#: serverguide/C/dns.xml:379(programlisting)
19873
12515
#, no-wrap
19874
msgid ""
19875
"\n"
19876
";; Query time: 1 msec\n"
19877
";; SERVER: 192.168.1.10#53(192.168.1.10)\n"
12516
msgid "\n;; Query time: 1 msec\n;; SERVER: 192.168.1.10#53(192.168.1.10)\n"
19878
12517
msgstr ""
19879
12518
19880
12519
#: serverguide/C/dns.xml:385(para)
19881
msgid ""
19882
"If you have configured <application>BIND9</application> as a "
19883
"<emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check "
19884
"the query time:"
12520
msgid "If you have configured <application>BIND9</application> as a <emphasis>Caching</emphasis> nameserver \"dig\" an outside domain to check the query time:"
19885
12521
msgstr ""
19886
12522
19887
12523
#: serverguide/C/dns.xml:390(command)
19894
12530
19895
12531
#: serverguide/C/dns.xml:395(programlisting)
19896
12532
#, no-wrap
19897
msgid ""
19898
"\n"
19899
";; Query time: 49 msec\n"
12533
msgid "\n;; Query time: 49 msec\n"
19900
12534
msgstr ""
19901
12535
19902
12536
#: serverguide/C/dns.xml:398(para)
19905
12539
19906
12540
#: serverguide/C/dns.xml:401(programlisting)
19907
12541
#, no-wrap
19908
msgid ""
19909
"\n"
19910
";; Query time: 1 msec\n"
12542
msgid "\n;; Query time: 1 msec\n"
19911
12543
msgstr ""
19912
12544
19913
12545
#: serverguide/C/dns.xml:408(title)
19915
12547
msgstr ""
19916
12548
19917
12549
#: serverguide/C/dns.xml:410(para)
19918
msgid ""
19919
"Now to demonstrate how applications make use of DNS to resolve a host name "
19920
"use the <application>ping</application> utility to send an ICMP echo "
19921
"request. From a terminal prompt enter:"
12550
msgid "Now to demonstrate how applications make use of DNS to resolve a host name use the <application>ping</application> utility to send an ICMP echo request. From a terminal prompt enter:"
19922
12551
msgstr ""
19923
12552
19924
12553
#: serverguide/C/dns.xml:416(command)
19926
12555
msgstr ""
19927
12556
19928
12557
#: serverguide/C/dns.xml:418(para)
19929
msgid ""
19930
"This tests if the nameserver can resolve the name "
19931
"<emphasis>ns.example.com</emphasis> to an IP Address. The command output "
19932
"should resemble:"
12558
msgid "This tests if the nameserver can resolve the name <emphasis>ns.example.com</emphasis> to an IP Address. The command output should resemble:"
19933
12559
msgstr ""
19934
12560
19935
12561
#: serverguide/C/dns.xml:422(programlisting)
19936
12562
#, no-wrap
19937
msgid ""
19938
"\n"
19939
"PING ns.example.com (192.168.1.10) 56(84) bytes of data.\n"
19940
"64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n"
19941
"64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
12563
msgid "\nPING ns.example.com (192.168.1.10) 56(84) bytes of data.\n64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.800 ms\n64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.813 ms\n"
19942
12564
msgstr ""
19943
12565
19944
12566
#: serverguide/C/dns.xml:429(title)
19946
12568
msgstr ""
19947
12569
19948
12570
#: serverguide/C/dns.xml:430(para)
19949
msgid ""
19950
"A great way to test your zone files is by using the <application>named-"
19951
"checkzone</application> utility installed with the "
19952
"<application>bind9</application> package. This utility allows you to make "
19953
"sure the configuration is correct before restarting "
19954
"<application>BIND9</application> and making the changes live."
12571
msgid "A great way to test your zone files is by using the <application>named-checkzone</application> utility installed with the <application>bind9</application> package. This utility allows you to make sure the configuration is correct before restarting <application>BIND9</application> and making the changes live."
19955
12572
msgstr ""
19956
12573
19957
12574
#: serverguide/C/dns.xml:437(para)
19958
msgid ""
19959
"To test our example Forward zone file enter the following from a command "
19960
"prompt:"
12575
msgid "To test our example Forward zone file enter the following from a command prompt:"
19961
12576
msgstr ""
19962
12577
19963
12578
#: serverguide/C/dns.xml:441(command)
19965
12580
msgstr ""
19966
12581
19967
12582
#: serverguide/C/dns.xml:443(para)
19968
msgid ""
19969
"If everything is configured correctly you should see output similar to:"
12583
msgid "If everything is configured correctly you should see output similar to:"
19970
12584
msgstr ""
19971
12585
19972
12586
#: serverguide/C/dns.xml:446(programlisting)
19973
12587
#, no-wrap
19974
msgid ""
19975
"\n"
19976
"zone example.com/IN: loaded serial 6\n"
19977
"OK\n"
12588
msgid "\nzone example.com/IN: loaded serial 6\nOK\n"
19978
12589
msgstr ""
19979
12590
19980
12591
#: serverguide/C/dns.xml:452(para)
19991
12602
19992
12603
#: serverguide/C/dns.xml:461(programlisting)
19993
12604
#, no-wrap
19994
msgid ""
19995
"\n"
19996
"zone example.com/IN: loaded serial 3\n"
19997
"OK\n"
12605
msgid "\nzone example.com/IN: loaded serial 3\nOK\n"
19998
12606
msgstr ""
19999
12607
20000
12608
#: serverguide/C/dns.xml:468(para)
20001
msgid ""
20002
"The <emphasis>Serial Number</emphasis> of your zone file will probably be "
20003
"different."
12609
msgid "The <emphasis>Serial Number</emphasis> of your zone file will probably be different."
20004
12610
msgstr ""
20005
12611
20006
12612
#: serverguide/C/dns.xml:475(title)
20008
12614
msgstr ""
20009
12615
20010
12616
#: serverguide/C/dns.xml:476(para)
20011
msgid ""
20012
"<application>BIND9</application> has a wide variety of logging configuration "
20013
"options available. There are two main options. The "
20014
"<emphasis>channel</emphasis> option configures where logs go, and the "
20015
"<emphasis>category</emphasis> option determines what information to log."
12617
msgid "<application>BIND9</application> has a wide variety of logging configuration options available. There are two main options. The <emphasis>channel</emphasis> option configures where logs go, and the <emphasis>category</emphasis> option determines what information to log."
20016
12618
msgstr ""
20017
12619
20018
12620
#: serverguide/C/dns.xml:480(para)
20021
12623
20022
12624
#: serverguide/C/dns.xml:483(programlisting)
20023
12625
#, no-wrap
20024
msgid ""
20025
"\n"
20026
"logging {\n"
20027
" category default { default_syslog; default_debug; };\n"
20028
" category unmatched { null; };\n"
20029
"};\n"
12626
msgid "\nlogging {\n category default { default_syslog; default_debug; };\n category unmatched { null; };\n};\n"
20030
12627
msgstr ""
20031
12628
20032
12629
#: serverguide/C/dns.xml:489(para)
20033
msgid ""
20034
"This section covers configuring <application>BIND9</application> to send "
20035
"<emphasis>debug</emphasis> messages related to DNS queries to a separate "
20036
"file."
12630
msgid "This section covers configuring <application>BIND9</application> to send <emphasis>debug</emphasis> messages related to DNS queries to a separate file."
20037
12631
msgstr ""
20038
12632
20039
12633
#: serverguide/C/dns.xml:494(para)
20040
msgid ""
20041
"First, we need to configure a channel to specify which file to send the "
20042
"messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add "
20043
"the following:"
12634
msgid "First, we need to configure a channel to specify which file to send the messages to. Edit <filename>/etc/bind/named.conf.local</filename> and add the following:"
20044
12635
msgstr ""
20045
12636
20046
12637
#: serverguide/C/dns.xml:498(programlisting)
20047
12638
#, no-wrap
20048
msgid ""
20049
"\n"
20050
"logging {\n"
20051
" channel query.log { \n"
20052
" file \"/var/log/query.log\";\n"
20053
" severity debug 3; \n"
20054
" }; \n"
20055
"};\n"
12639
msgid "\nlogging {\n channel query.log { \n file \"/var/log/query.log\";\n severity debug 3; \n }; \n};\n"
20056
12640
msgstr ""
20057
12641
20058
12642
#: serverguide/C/dns.xml:508(para)
20061
12645
20062
12646
#: serverguide/C/dns.xml:511(programlisting)
20063
12647
#, no-wrap
20064
msgid ""
20065
"\n"
20066
"logging {\n"
20067
" channel query.log { \n"
20068
" file \"/var/log/query.log\"; \n"
20069
" severity debug 3; \n"
20070
" }; \n"
20071
" <emphasis>category queries { query.log; };</emphasis> \n"
20072
"};\n"
12648
msgid "\nlogging {\n channel query.log { \n file \"/var/log/query.log\"; \n severity debug 3; \n }; \n <emphasis>category queries { query.log; };</emphasis> \n};\n"
20073
12649
msgstr ""
20074
12650
20075
12651
#: serverguide/C/dns.xml:523(para)
20076
msgid ""
20077
"Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a "
20078
"level isn't specified level 1 is the default."
12652
msgid "Note: the <emphasis>debug</emphasis> option can be set from 1 to 3. If a level isn't specified level 1 is the default."
20079
12653
msgstr ""
20080
12654
20081
12655
#: serverguide/C/dns.xml:529(para)
20082
msgid ""
20083
"Since the <emphasis>named daemon</emphasis> runs as the "
20084
"<emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> "
20085
"file must be created and the ownership changed:"
12656
msgid "Since the <emphasis>named daemon</emphasis> runs as the <emphasis>bind</emphasis> user the <filename>/var/log/query.log</filename> file must be created and the ownership changed:"
20086
12657
msgstr ""
20087
12658
20088
12659
#: serverguide/C/dns.xml:534(command)
20094
12665
msgstr ""
20095
12666
20096
12667
#: serverguide/C/dns.xml:539(para)
20097
msgid ""
20098
"Before <application>named</application> daemon can write to the new log file "
20099
"the <application>AppArmor</application> profile must be updated. First, edit "
20100
"<filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
12668
msgid "Before <application>named</application> daemon can write to the new log file the <application>AppArmor</application> profile must be updated. First, edit <filename>/etc/apparmor.d/usr.sbin.named</filename> and add:"
20101
12669
msgstr ""
20102
12670
20103
12671
#: serverguide/C/dns.xml:543(programlisting)
20104
12672
#, no-wrap
20105
msgid ""
20106
"\n"
20107
"/var/log/query.log w,\n"
12673
msgid "\n/var/log/query.log w,\n"
20108
12674
msgstr ""
20109
12675
20110
12676
#: serverguide/C/dns.xml:546(para)
20116
12682
msgstr ""
20117
12683
20118
12684
#: serverguide/C/dns.xml:552(para)
20119
msgid ""
20120
"For more information on <application>AppArmor</application> see <xref "
20121
"linkend=\"apparmor\"/>"
12685
msgid "For more information on <application>AppArmor</application> see <xref linkend=\"apparmor\"/>"
20122
12686
msgstr ""
20123
12687
20124
12688
#: serverguide/C/dns.xml:557(para)
20125
msgid ""
20126
"Now restart <application>BIND9</application> for the changes to take effect:"
12689
msgid "Now restart <application>BIND9</application> for the changes to take effect:"
20127
12690
msgstr ""
20128
12691
20129
12692
#: serverguide/C/dns.xml:565(para)
20130
msgid ""
20131
"You should see the file <filename>/var/log/query.log</filename> fill with "
20132
"query information. This is a simple example of the "
20133
"<application>BIND9</application> logging options. For coverage of advanced "
20134
"options see <xref linkend=\"dns-more-info\"/>."
12693
msgid "You should see the file <filename>/var/log/query.log</filename> fill with query information. This is a simple example of the <application>BIND9</application> logging options. For coverage of advanced options see <xref linkend=\"dns-more-info\"/>."
20135
12694
msgstr ""
20136
12695
20137
12696
#: serverguide/C/dns.xml:574(title)
20143
12702
msgstr ""
20144
12703
20145
12704
#: serverguide/C/dns.xml:580(para)
20146
msgid ""
20147
"<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
12705
msgid "<emphasis>A</emphasis> record: This record maps an IP Address to a hostname."
20148
12706
msgstr ""
20149
12707
20150
12708
#: serverguide/C/dns.xml:583(programlisting)
20151
12709
#, no-wrap
20152
msgid ""
20153
"\n"
20154
"www IN A 192.168.1.12\n"
12710
msgid "\nwww IN A 192.168.1.12\n"
20155
12711
msgstr ""
20156
12712
20157
12713
#: serverguide/C/dns.xml:588(para)
20158
msgid ""
20159
"<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A "
20160
"record. You cannot create a CNAME record pointing to another CNAME record."
12714
msgid "<emphasis>CNAME</emphasis> record: Used to create an alias to an existing A record. You cannot create a CNAME record pointing to another CNAME record."
20161
12715
msgstr ""
20162
12716
20163
12717
#: serverguide/C/dns.xml:591(programlisting)
20164
12718
#, no-wrap
20165
msgid ""
20166
"\n"
20167
"web IN CNAME www\n"
12719
msgid "\nweb IN CNAME www\n"
20168
12720
msgstr ""
20169
12721
20170
12722
#: serverguide/C/dns.xml:596(para)
20171
msgid ""
20172
"<emphasis>MX</emphasis> record: Used to define where email should be sent "
20173
"to. Must point to an A record, not a CNAME."
12723
msgid "<emphasis>MX</emphasis> record: Used to define where email should be sent to. Must point to an A record, not a CNAME."
20174
12724
msgstr ""
20175
12725
20176
12726
#: serverguide/C/dns.xml:599(programlisting)
20177
12727
#, no-wrap
20178
msgid ""
20179
"\n"
20180
" IN MX 1 mail.example.com.\n"
20181
"mail IN A 192.168.1.13\n"
12728
msgid "\n IN MX 1 mail.example.com.\nmail IN A 192.168.1.13\n"
20182
12729
msgstr ""
20183
12730
20184
12731
#: serverguide/C/dns.xml:605(para)
20185
msgid ""
20186
"<emphasis>NS</emphasis> record: Used to define which servers serve copies of "
20187
"a zone. It must point to an A record, not a CNAME. This is where Primary and "
20188
"Secondary servers are defined."
12732
msgid "<emphasis>NS</emphasis> record: Used to define which servers serve copies of a zone. It must point to an A record, not a CNAME. This is where Primary and Secondary servers are defined."
20189
12733
msgstr ""
20190
12734
20191
12735
#: serverguide/C/dns.xml:609(programlisting)
20192
12736
#, no-wrap
20193
msgid ""
20194
"\n"
20195
" IN NS ns.example.com.\n"
20196
"\tIN NS ns2.example.com.\n"
20197
"ns IN A 192.168.1.10\n"
20198
"ns2\tIN A\t 192.168.1.11\n"
12737
msgid "\n IN NS ns.example.com.\n\tIN NS ns2.example.com.\nns IN A 192.168.1.10\nns2\tIN A\t 192.168.1.11\n"
20199
12738
msgstr ""
20200
12739
20201
12740
#: serverguide/C/dns.xml:619(title)
20203
12742
msgstr ""
20204
12743
20205
12744
#: serverguide/C/dns.xml:620(para)
20206
msgid ""
20207
"The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS "
20208
"HOWTO</ulink> explains more advanced options for configuring BIND9."
12745
msgid "The <ulink url=\"http://www.tldp.org/HOWTO/DNS-HOWTO.html\">DNS HOWTO</ulink> explains more advanced options for configuring BIND9."
20209
12746
msgstr ""
20210
12747
20211
12748
#: serverguide/C/dns.xml:623(para)
20212
msgid ""
20213
"For in depth coverage of <emphasis>DNS</emphasis> and "
20214
"<application>BIND9</application> see <ulink "
20215
"url=\"http://www.bind9.net/\">Bind9.net</ulink>."
12749
msgid "For in depth coverage of <emphasis>DNS</emphasis> and <application>BIND9</application> see <ulink url=\"http://www.bind9.net/\">Bind9.net</ulink>."
20216
12750
msgstr ""
20217
12751
20218
12752
#: serverguide/C/dns.xml:626(para)
20219
msgid ""
20220
"<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and "
20221
"BIND</ulink> is a popular book now in it's fifth edition."
12753
msgid "<ulink url=\"http://www.oreilly.com/catalog/dns5/index.html\">DNS and BIND</ulink> is a popular book now in it's fifth edition."
20222
12754
msgstr ""
20223
12755
20224
12756
#: serverguide/C/dns.xml:629(para)
20225
msgid ""
20226
"A great place to ask for <application>BIND9</application> assistance, and "
20227
"get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-"
20228
"server</emphasis> IRC channel on <ulink "
20229
"url=\"http://freenode.net\">freenode</ulink>."
12757
msgid "A great place to ask for <application>BIND9</application> assistance, and get involved with the Ubuntu Server community, is the <emphasis>#ubuntu-server</emphasis> IRC channel on <ulink url=\"http://freenode.net\">freenode</ulink>."
20230
12758
msgstr ""
20231
12759
20232
12760
#: serverguide/C/databases.xml:13(title)
20242
12770
msgstr ""
20243
12771
20244
12772
#: serverguide/C/databases.xml:25(para)
20245
msgid ""
20246
"They are available in the main repository. This section explains how to "
20247
"install and configure these database servers."
12773
msgid "They are available in the main repository. This section explains how to install and configure these database servers."
20248
12774
msgstr ""
20249
12775
20250
12776
#: serverguide/C/databases.xml:32(para)
20251
msgid ""
20252
"MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. "
20253
"It is intended for mission-critical, heavy-load production systems as well "
20254
"as for embedding into mass-deployed software."
12777
msgid "MySQL is a fast, multi-threaded, multi-user, and robust SQL database server. It is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software."
20255
12778
msgstr ""
20256
12779
20257
12780
#: serverguide/C/databases.xml:41(para)
20263
12786
msgstr ""
20264
12787
20265
12788
#: serverguide/C/databases.xml:48(para)
20266
msgid ""
20267
"During the installation process you will be prompted to enter a password for "
20268
"the <application>MySQL</application> root user."
12789
msgid "During the installation process you will be prompted to enter a password for the <application>MySQL</application> root user."
20269
12790
msgstr ""
20270
12791
20271
12792
#: serverguide/C/databases.xml:53(para)
20272
msgid ""
20273
"Once the installation is complete, the MySQL server should be started "
20274
"automatically. You can run the following command from a terminal prompt to "
20275
"check whether the MySQL server is running:"
12793
msgid "Once the installation is complete, the MySQL server should be started automatically. You can run the following command from a terminal prompt to check whether the MySQL server is running:"
20276
12794
msgstr ""
20277
12795
20278
12796
#: serverguide/C/databases.xml:61(command)
20281
12799
20282
12800
#: serverguide/C/databases.xml:70(programlisting)
20283
12801
#, no-wrap
20284
msgid ""
20285
"\n"
20286
"tcp 0 0 localhost:mysql *:* LISTEN "
20287
" 2556/mysqld\n"
12802
msgid "\ntcp 0 0 localhost:mysql *:* LISTEN 2556/mysqld\n"
20288
12803
msgstr ""
20289
12804
20290
12805
#: serverguide/C/databases.xml:74(para)
20291
msgid ""
20292
"If the server is not running correctly, you can type the following command "
20293
"to start it:"
12806
msgid "If the server is not running correctly, you can type the following command to start it:"
20294
12807
msgstr ""
20295
12808
20296
12809
#: serverguide/C/databases.xml:79(command) serverguide/C/databases.xml:104(command)
20298
12811
msgstr ""
20299
12812
20300
12813
#: serverguide/C/databases.xml:85(para)
20301
msgid ""
20302
"You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure "
20303
"the basic settings -- log file, port number, etc. For example, to configure "
20304
"<application>MySQL</application> to listen for connections from network "
20305
"hosts, change the <emphasis>bind_address</emphasis> directive to the "
20306
"server's IP address:"
12814
msgid "You can edit the <filename>/etc/mysql/my.cnf</filename> file to configure the basic settings -- log file, port number, etc. For example, to configure <application>MySQL</application> to listen for connections from network hosts, change the <emphasis>bind_address</emphasis> directive to the server's IP address:"
20307
12815
msgstr ""
20308
12816
20309
12817
#: serverguide/C/databases.xml:91(programlisting)
20310
12818
#, no-wrap
20311
msgid ""
20312
"\n"
20313
"bind-address = 192.168.0.5\n"
12819
msgid "\nbind-address = 192.168.0.5\n"
20314
12820
msgstr ""
20315
12821
20316
12822
#: serverguide/C/databases.xml:95(para)
20318
12824
msgstr ""
20319
12825
20320
12826
#: serverguide/C/databases.xml:99(para)
20321
msgid ""
20322
"After making a change to <filename>/etc/mysql/my.cnf</filename> the "
20323
"<application>mysql</application> daemon will need to be restarted:"
12827
msgid "After making a change to <filename>/etc/mysql/my.cnf</filename> the <application>mysql</application> daemon will need to be restarted:"
20324
12828
msgstr ""
20325
12829
20326
12830
#: serverguide/C/databases.xml:107(para)
20327
msgid ""
20328
"If you would like to change the "
20329
"<application>MySQL</application><emphasis>root</emphasis> password, in a "
20330
"terminal enter:"
12831
msgid "If you would like to change the <application>MySQL</application><emphasis>root</emphasis> password, in a terminal enter:"
20331
12832
msgstr ""
20332
12833
20333
12834
#: serverguide/C/databases.xml:113(command)
20335
12836
msgstr ""
20336
12837
20337
12838
#: serverguide/C/databases.xml:116(para)
20338
msgid ""
20339
"The <application>mysql</application> daemon will be stopped, and you will be "
20340
"prompted to enter a new password."
12839
msgid "The <application>mysql</application> daemon will be stopped, and you will be prompted to enter a new password."
20341
12840
msgstr ""
20342
12841
20343
12842
#: serverguide/C/databases.xml:125(para)
20344
msgid ""
20345
"See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for "
20346
"more information."
12843
msgid "See the <ulink url=\"http://www.mysql.com/\">MySQL Home Page</ulink> for more information."
20347
12844
msgstr ""
20348
12845
20349
12846
#: serverguide/C/databases.xml:130(para)
20350
msgid ""
20351
"The <emphasis>MySQL Handbook</emphasis> is also available in the "
20352
"<application>mysql-doc-5.0</application> package. To install the package "
20353
"enter the following in a terminal:"
12847
msgid "The <emphasis>MySQL Handbook</emphasis> is also available in the <application>mysql-doc-5.0</application> package. To install the package enter the following in a terminal:"
20354
12848
msgstr ""
20355
12849
20356
12850
#: serverguide/C/databases.xml:135(command)
20358
12852
msgstr ""
20359
12853
20360
12854
#: serverguide/C/databases.xml:137(para)
20361
msgid ""
20362
"The documentation is in HTML format, to view them enter "
20363
"<command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-"
20364
"chapter/index.html</command> in your browser's address bar."
12855
msgid "The documentation is in HTML format, to view them enter <command>file:///usr/share/doc/mysql-doc-5.0/refman-5.0-en.html-chapter/index.html</command> in your browser's address bar."
20365
12856
msgstr ""
20366
12857
20367
12858
#: serverguide/C/databases.xml:143(para) serverguide/C/databases.xml:285(para)
20368
msgid ""
20369
"For general SQL information see <ulink "
20370
"url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL "
20371
"Special Edition</ulink> by Rafe Colburn."
12859
msgid "For general SQL information see <ulink url=\"http://www.informit.com/store/product.aspx?isbn=0768664128\">Using SQL Special Edition</ulink> by Rafe Colburn."
20372
12860
msgstr ""
20373
12861
20374
12862
#: serverguide/C/databases.xml:153(para)
20375
msgid ""
20376
"PostgreSQL is an object-relational database system that has the features of "
20377
"traditional commercial database systems with enhancements to be found in "
20378
"next-generation DBMS systems."
12863
msgid "PostgreSQL is an object-relational database system that has the features of traditional commercial database systems with enhancements to be found in next-generation DBMS systems."
20379
12864
msgstr ""
20380
12865
20381
12866
#: serverguide/C/databases.xml:160(para)
20382
msgid ""
20383
"To install PostgreSQL, run the following command in the command prompt:"
12867
msgid "To install PostgreSQL, run the following command in the command prompt:"
20384
12868
msgstr ""
20385
12869
20386
12870
#: serverguide/C/databases.xml:167(command)
20388
12872
msgstr ""
20389
12873
20390
12874
#: serverguide/C/databases.xml:171(para)
20391
msgid ""
20392
"Once the installation is complete, you should configure the PostgreSQL "
20393
"server based on your needs, although the default configuration is viable."
12875
msgid "Once the installation is complete, you should configure the PostgreSQL server based on your needs, although the default configuration is viable."
20394
12876
msgstr ""
20395
12877
20396
12878
#: serverguide/C/databases.xml:179(para)
20397
msgid ""
20398
"By default, connection via TCP/IP is disabled. PostgreSQL supports multiple "
20399
"client authentication methods. By default, IDENT authentication method is "
20400
"used for <application>postgres</application> and local users. Please refer "
20401
"<ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the "
20402
"PostgreSQL Administrator's Guide</ulink>."
12879
msgid "By default, connection via TCP/IP is disabled. PostgreSQL supports multiple client authentication methods. By default, IDENT authentication method is used for <application>postgres</application> and local users. Please refer <ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL Administrator's Guide</ulink>."
20403
12880
msgstr ""
20404
12881
20405
12882
#: serverguide/C/databases.xml:186(para)
20406
msgid ""
20407
"The following discussion assumes that you wish to enable TCP/IP connections "
20408
"and use the MD5 method for client authentication. PostgreSQL configuration "
20409
"files are stored in the "
20410
"<filename>/etc/postgresql/<version>/main</filename> directory. For "
20411
"example, if you install PostgreSQL 8.4, the configuration files are stored "
20412
"in the <filename>/etc/postgresql/8.4/main</filename> directory."
12883
msgid "The following discussion assumes that you wish to enable TCP/IP connections and use the MD5 method for client authentication. PostgreSQL configuration files are stored in the <filename>/etc/postgresql/<version>/main</filename> directory. For example, if you install PostgreSQL 8.4, the configuration files are stored in the <filename>/etc/postgresql/8.4/main</filename> directory."
20413
12884
msgstr ""
20414
12885
20415
12886
#: serverguide/C/databases.xml:196(para)
20416
msgid ""
20417
"To configure <emphasis>ident</emphasis> authentication, add entries to the "
20418
"<filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
12887
msgid "To configure <emphasis>ident</emphasis> authentication, add entries to the <filename>/etc/postgresql/8.4/main/pg_ident.conf</filename> file."
20419
12888
msgstr ""
20420
12889
20421
12890
#: serverguide/C/databases.xml:203(para)
20422
msgid ""
20423
"To enable TCP/IP connections, edit the file "
20424
"<filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
12891
msgid "To enable TCP/IP connections, edit the file <filename>/etc/postgresql/8.4/main/postgresql.conf</filename>"
20425
12892
msgstr ""
20426
12893
20427
12894
#: serverguide/C/databases.xml:205(para)
20428
msgid ""
20429
"Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and "
20430
"change it to:"
12895
msgid "Locate the line <emphasis>#listen_addresses = 'localhost'</emphasis> and change it to:"
20431
12896
msgstr ""
20432
12897
20433
12898
#: serverguide/C/databases.xml:208(programlisting)
20434
12899
#, no-wrap
20435
msgid ""
20436
"\n"
20437
"listen_addresses = 'localhost'\n"
12900
msgid "\nlisten_addresses = 'localhost'\n"
20438
12901
msgstr ""
20439
12902
20440
12903
#: serverguide/C/databases.xml:212(para)
20441
msgid ""
20442
"To allow other computers to connect to your "
20443
"<application>PostgreSQL</application> server replace 'localhost' with the "
20444
"<emphasis>IP Address</emphasis> of your server."
12904
msgid "To allow other computers to connect to your <application>PostgreSQL</application> server replace 'localhost' with the <emphasis>IP Address</emphasis> of your server."
20445
12905
msgstr ""
20446
12906
20447
12907
#: serverguide/C/databases.xml:217(para)
20448
msgid ""
20449
"You may also edit all other parameters, if you know what you are doing! For "
20450
"details, refer to the configuration file or to the PostgreSQL documentation."
12908
msgid "You may also edit all other parameters, if you know what you are doing! For details, refer to the configuration file or to the PostgreSQL documentation."
20451
12909
msgstr ""
20452
12910
20453
12911
#: serverguide/C/databases.xml:222(para)
20454
msgid ""
20455
"Now that we can connect to our <application>PostgreSQL</application> server, "
20456
"the next step is to set a password for the <emphasis>postgres</emphasis> "
20457
"user. Run the following command at a terminal prompt to connect to the "
20458
"default PostgreSQL template database:"
12912
msgid "Now that we can connect to our <application>PostgreSQL</application> server, the next step is to set a password for the <emphasis>postgres</emphasis> user. Run the following command at a terminal prompt to connect to the default PostgreSQL template database:"
20459
12913
msgstr ""
20460
12914
20461
12915
#: serverguide/C/databases.xml:229(command)
20463
12917
msgstr ""
20464
12918
20465
12919
#: serverguide/C/databases.xml:231(para)
20466
msgid ""
20467
"The above command connects to PostgreSQL database "
20468
"<emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once "
20469
"you connect to the PostgreSQL server, you will be at a SQL prompt. You can "
20470
"run the following SQL command at the <application>psql</application> prompt "
20471
"to configure the password for the user <emphasis "
20472
"role=\"italics\">postgres</emphasis>."
12920
msgid "The above command connects to PostgreSQL database <emphasis>template1</emphasis> as user <emphasis>postgres</emphasis>. Once you connect to the PostgreSQL server, you will be at a SQL prompt. You can run the following SQL command at the <application>psql</application> prompt to configure the password for the user <emphasis role=\"italics\">postgres</emphasis>."
20473
12921
msgstr ""
20474
12922
20475
12923
#: serverguide/C/databases.xml:239(command)
20477
12925
msgstr ""
20478
12926
20479
12927
#: serverguide/C/databases.xml:241(para)
20480
msgid ""
20481
"After configuring the password, edit the file "
20482
"<filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use "
20483
"<emphasis>MD5</emphasis> authentication with the "
20484
"<emphasis>postgres</emphasis> user:"
12928
msgid "After configuring the password, edit the file <filename>/etc/postgresql/8.4/main/pg_hba.conf</filename> to use <emphasis>MD5</emphasis> authentication with the <emphasis>postgres</emphasis> user:"
20485
12929
msgstr ""
20486
12930
20487
12931
#: serverguide/C/databases.xml:247(programlisting)
20488
12932
#, no-wrap
20489
msgid ""
20490
"\n"
20491
"local all postgres md5 sameuser\n"
12933
msgid "\nlocal all postgres md5\n"
20492
12934
msgstr ""
20493
12935
20494
12936
#: serverguide/C/databases.xml:251(para)
20495
msgid ""
20496
"Finally, you should restart the <application>PostgreSQL</application> "
20497
"service to initialize the new configuration. From a terminal prompt enter "
20498
"the following to restart <application>PostgreSQL</application>:"
12937
msgid "Finally, you should restart the <application>PostgreSQL</application> service to initialize the new configuration. From a terminal prompt enter the following to restart <application>PostgreSQL</application>:"
20499
12938
msgstr ""
20500
12939
20501
12940
#: serverguide/C/databases.xml:257(command)
20503
12942
msgstr ""
20504
12943
20505
12944
#: serverguide/C/databases.xml:260(para)
20506
msgid ""
20507
"The above configuration is not complete by any means. Please refer <ulink "
20508
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL "
20509
"Administrator's Guide</ulink> to configure more parameters."
12945
msgid "The above configuration is not complete by any means. Please refer <ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\"> the PostgreSQL Administrator's Guide</ulink> to configure more parameters."
20510
12946
msgstr ""
20511
12947
20512
12948
#: serverguide/C/databases.xml:271(para)
20513
msgid ""
20514
"As mentioned above the <ulink "
20515
"url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's "
20516
"Guide</ulink> is an excellent resource. The guide is also available in the "
20517
"<application>postgresql-doc-8.4</application> package. Execute the following "
20518
"in a terminal to install the package:"
12949
msgid "As mentioned above the <ulink url=\"http://www.postgresql.org/docs/8.4/static/admin.html\">Administrator's Guide</ulink> is an excellent resource. The guide is also available in the <application>postgresql-doc-8.4</application> package. Execute the following in a terminal to install the package:"
20519
12950
msgstr ""
20520
12951
20521
12952
#: serverguide/C/databases.xml:277(command)
20523
12954
msgstr ""
20524
12955
20525
12956
#: serverguide/C/databases.xml:279(para)
20526
msgid ""
20527
"To view the guide enter <command>file:///usr/share/doc/postgresql-doc-"
20528
"8.4/html/index.html</command> into the address bar of your browser."
12957
msgid "To view the guide enter <command>file:///usr/share/doc/postgresql-doc-8.4/html/index.html</command> into the address bar of your browser."
20529
12958
msgstr ""
20530
12959
20531
12960
#: serverguide/C/clustering.xml:13(title)
20537
12966
msgstr ""
20538
12967
20539
12968
#: serverguide/C/clustering.xml:18(para)
20540
msgid ""
20541
"Distributed Replicated Block Device (DRBD) mirrors block devices between "
20542
"multiple hosts. The replication is transparent to other applications on the "
20543
"host systems. Any block device hard disks, partitions, RAID devices, logical "
20544
"volumes, etc can be mirrored."
12969
msgid "Distributed Replicated Block Device (DRBD) mirrors block devices between multiple hosts. The replication is transparent to other applications on the host systems. Any block device hard disks, partitions, RAID devices, logical volumes, etc can be mirrored."
20545
12970
msgstr ""
20546
12971
20547
12972
#: serverguide/C/clustering.xml:24(para)
20548
msgid ""
20549
"To get started using <application>drbd</application>, first install the "
20550
"necessary packages. From a terminal enter:"
12973
msgid "To get started using <application>drbd</application>, first install the necessary packages. From a terminal enter:"
20551
12974
msgstr ""
20552
12975
20553
12976
#: serverguide/C/clustering.xml:29(command)
20555
12978
msgstr ""
20556
12979
20557
12980
#: serverguide/C/clustering.xml:33(para)
20558
msgid ""
20559
"If you are using the <emphasis>virtual kernel</emphasis> as part of a "
20560
"virtual machine you will need to manually compile the "
20561
"<application>drbd</application> module. It may be easier to install the "
20562
"<application>linux-server</application> package inside the virtual machine."
12981
msgid "If you are using the <emphasis>virtual kernel</emphasis> as part of a virtual machine you will need to manually compile the <application>drbd</application> module. It may be easier to install the <application>linux-server</application> package inside the virtual machine."
20563
12982
msgstr ""
20564
12983
20565
12984
#: serverguide/C/clustering.xml:40(para)
20566
msgid ""
20567
"This section covers setting up a <application>drbd</application> to "
20568
"replicate a separate <filename>/srv</filename> partition, with an "
20569
"<application>ext3</application> filesystem between two hosts. The partition "
20570
"size is not particularly relevant, but both partitions need to be the same "
20571
"size."
12985
msgid "This section covers setting up a <application>drbd</application> to replicate a separate <filename>/srv</filename> partition, with an <application>ext3</application> filesystem between two hosts. The partition size is not particularly relevant, but both partitions need to be the same size."
20572
12986
msgstr ""
20573
12987
20574
12988
#: serverguide/C/clustering.xml:49(para)
20575
msgid ""
20576
"The two hosts in this example will be called <emphasis>drbd01</emphasis> and "
20577
"<emphasis>drbd02</emphasis>. They will need to have name resolution "
20578
"configured either through DNS or the <filename>/etc/hosts</filename> file. "
20579
"See <xref linkend=\"dns\"/> for details."
12989
msgid "The two hosts in this example will be called <emphasis>drbd01</emphasis> and <emphasis>drbd02</emphasis>. They will need to have name resolution configured either through DNS or the <filename>/etc/hosts</filename> file. See <xref linkend=\"dns\"/> for details."
20580
12990
msgstr ""
20581
12991
20582
12992
#: serverguide/C/clustering.xml:57(para)
20583
msgid ""
20584
"To configure <application>drbd</application>, on the first host edit "
20585
"<filename>/etc/drbd.conf</filename>:"
12993
msgid "To configure <application>drbd</application>, on the first host edit <filename>/etc/drbd.conf</filename>:"
20586
12994
msgstr ""
20587
12995
20588
12996
#: serverguide/C/clustering.xml:61(programlisting)
20589
12997
#, no-wrap
20590
msgid ""
20591
"\n"
20592
"global { usage-count no; }\n"
20593
"common { syncer { rate 100M; } }\n"
20594
"resource r0 {\n"
20595
" protocol C;\n"
20596
" startup {\n"
20597
" wfc-timeout 15;\n"
20598
" degr-wfc-timeout 60;\n"
20599
" }\n"
20600
" net {\n"
20601
" cram-hmac-alg sha1;\n"
20602
" shared-secret \"secret\";\n"
20603
" }\n"
20604
" on drbd01 {\n"
20605
" device /dev/drbd0;\n"
20606
" disk /dev/sdb1;\n"
20607
" address 192.168.0.1:7788;\n"
20608
" meta-disk internal;\n"
20609
" }\n"
20610
" on drbd02 {\n"
20611
" device /dev/drbd0;\n"
20612
" disk /dev/sdb1;\n"
20613
" address 192.168.0.2:7788;\n"
20614
" meta-disk internal;\n"
20615
" }\n"
20616
"} \n"
12998
msgid "\nglobal { usage-count no; }\ncommon { syncer { rate 100M; } }\nresource r0 {\n protocol C;\n startup {\n wfc-timeout 15;\n degr-wfc-timeout 60;\n }\n net {\n cram-hmac-alg sha1;\n shared-secret \"secret\";\n }\n on drbd01 {\n device /dev/drbd0;\n disk /dev/sdb1;\n address 192.168.0.1:7788;\n meta-disk internal;\n }\n on drbd02 {\n device /dev/drbd0;\n disk /dev/sdb1;\n address 192.168.0.2:7788;\n meta-disk internal;\n }\n} \n"
20617
12999
msgstr ""
20618
13000
20619
13001
#: serverguide/C/clustering.xml:90(para)
20620
msgid ""
20621
"There are many other options in <filename>/etc/drbd.conf</filename>, but for "
20622
"this example their default values are fine."
13002
msgid "There are many other options in <filename>/etc/drbd.conf</filename>, but for this example their default values are fine."
20623
13003
msgstr ""
20624
13004
20625
13005
#: serverguide/C/clustering.xml:98(para)
20631
13011
msgstr ""
20632
13012
20633
13013
#: serverguide/C/clustering.xml:109(para)
20634
msgid ""
20635
"And, on <emphasis>drbd02</emphasis> move the file to "
20636
"<filename>/etc</filename>:"
13014
msgid "And, on <emphasis>drbd02</emphasis> move the file to <filename>/etc</filename>:"
20637
13015
msgstr ""
20638
13016
20639
13017
#: serverguide/C/clustering.xml:114(command)
20641
13019
msgstr ""
20642
13020
20643
13021
#: serverguide/C/clustering.xml:120(para)
20644
msgid ""
20645
"Next, on both hosts, start the <application>drbd</application> daemon:"
13022
msgid "Next, on both hosts, start the <application>drbd</application> daemon:"
20646
13023
msgstr ""
20647
13024
20648
13025
#: serverguide/C/clustering.xml:125(command)
20650
13027
msgstr ""
20651
13028
20652
13029
#: serverguide/C/clustering.xml:131(para)
20653
msgid ""
20654
"Now using the <application>drbdadm</application> utility initialize the meta "
20655
"data storage. On each server execute:"
13030
msgid "Now using the <application>drbdadm</application> utility initialize the meta data storage. On each server execute:"
20656
13031
msgstr ""
20657
13032
20658
13033
#: serverguide/C/clustering.xml:137(command)
20660
13035
msgstr ""
20661
13036
20662
13037
#: serverguide/C/clustering.xml:143(para)
20663
msgid ""
20664
"On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the "
20665
"primary, enter the following:"
13038
msgid "On the <emphasis>drbd01</emphasis>, or whichever host you wish to be the primary, enter the following:"
20666
13039
msgstr ""
20667
13040
20668
13041
#: serverguide/C/clustering.xml:148(command)
20670
13043
msgstr ""
20671
13044
20672
13045
#: serverguide/C/clustering.xml:154(para)
20673
msgid ""
20674
"After executing the above command, the data will start syncing with the "
20675
"secondary host. To watch the progresss, on <emphasis>drbd02</emphasis> enter "
20676
"the following:"
13046
msgid "After executing the above command, the data will start syncing with the secondary host. To watch the progresss, on <emphasis>drbd02</emphasis> enter the following:"
20677
13047
msgstr ""
20678
13048
20679
13049
#: serverguide/C/clustering.xml:160(command)
20685
13055
msgstr ""
20686
13056
20687
13057
#: serverguide/C/clustering.xml:170(para)
20688
msgid ""
20689
"Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
13058
msgid "Finally, add a filesystem to <filename>/dev/drbd0</filename> and mount it:"
20690
13059
msgstr ""
20691
13060
20692
13061
#: serverguide/C/clustering.xml:175(command)
20698
13067
msgstr ""
20699
13068
20700
13069
#: serverguide/C/clustering.xml:186(para)
20701
msgid ""
20702
"To test that the data is actually syncing between the hosts copy some files "
20703
"on the <emphasis>drbd01</emphasis>, the primary, to "
20704
"<filename>/srv</filename>:"
13070
msgid "To test that the data is actually syncing between the hosts copy some files on the <emphasis>drbd01</emphasis>, the primary, to <filename>/srv</filename>:"
20705
13071
msgstr ""
20706
13072
20707
13073
#: serverguide/C/clustering.xml:195(para)
20709
13075
msgstr ""
20710
13076
20711
13077
#: serverguide/C/clustering.xml:203(para)
20712
msgid ""
20713
"<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the "
20714
"<emphasis>secondary</emphasis> role:"
13078
msgid "<emphasis>Demote</emphasis> the <emphasis>primary</emphasis> server to the <emphasis>secondary</emphasis> role:"
20715
13079
msgstr ""
20716
13080
20717
13081
#: serverguide/C/clustering.xml:208(command)
20719
13083
msgstr ""
20720
13084
20721
13085
#: serverguide/C/clustering.xml:211(para)
20722
msgid ""
20723
"Now on the <emphasis>secondary</emphasis> server "
20724
"<emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
13086
msgid "Now on the <emphasis>secondary</emphasis> server <emphasis>promote</emphasis> it to the <emphasis>primary</emphasis> role:"
20725
13087
msgstr ""
20726
13088
20727
13089
#: serverguide/C/clustering.xml:216(command)
20733
13095
msgstr ""
20734
13096
20735
13097
#: serverguide/C/clustering.xml:227(para)
20736
msgid ""
20737
"Using <emphasis>ls</emphasis> you should see "
20738
"<filename>/srv/default</filename> copied from the former "
20739
"<emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
13098
msgid "Using <emphasis>ls</emphasis> you should see <filename>/srv/default</filename> copied from the former <emphasis>primary</emphasis> host <emphasis>drbd01</emphasis>."
20740
13099
msgstr ""
20741
13100
20742
13101
#: serverguide/C/clustering.xml:238(para)
20743
msgid ""
20744
"For more information on <application>DRBD</application> see the <ulink "
20745
"url=\"http://www.drbd.org/\">DRBD web site</ulink>."
13102
msgid "For more information on <application>DRBD</application> see the <ulink url=\"http://www.drbd.org/\">DRBD web site</ulink>."
20746
13103
msgstr ""
20747
13104
20748
13105
#: serverguide/C/clustering.xml:243(para)
20749
msgid ""
20750
"The <ulink "
20751
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/drbd.conf.5.html\">d"
20752
"rbd.conf man page</ulink> contains details on the options not covered in "
20753
"this guide."
13106
msgid "The <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man5/drbd.conf.5.html\">drbd.conf man page</ulink> contains details on the options not covered in this guide."
20754
13107
msgstr ""
20755
13108
20756
13109
#: serverguide/C/clustering.xml:249(para)
20757
msgid ""
20758
"Also, see the <ulink "
20759
"url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/drbdadm.8.html\">drb"
20760
"dadm man page</ulink>."
13110
msgid "Also, see the <ulink url=\"http://manpages.ubuntu.com/manpages/jaunty/en/man8/drbdadm.8.html\">drbdadm man page</ulink>."
20761
13111
msgstr ""
20762
13112
20763
13113
#: serverguide/C/chat.xml:13(title)
20765
13115
msgstr ""
20766
13116
20767
13117
#: serverguide/C/chat.xml:19(para)
20768
msgid ""
20769
"In this section, we will discuss how to install and configure a IRC server, "
20770
"<application>ircd-irc2</application>. We will also discuss how to install "
20771
"and configure Jabber, an instance messaging server."
13118
msgid "In this section, we will discuss how to install and configure a IRC server, <application>ircd-irc2</application>. We will also discuss how to install and configure Jabber, an instance messaging server."
20772
13119
msgstr ""
20773
13120
20774
13121
#: serverguide/C/chat.xml:28(title)
20776
13123
msgstr ""
20777
13124
20778
13125
#: serverguide/C/chat.xml:30(para)
20779
msgid ""
20780
"The Ubuntu repository has many Internet Relay Chat servers. This section "
20781
"explains how to install and configure the original IRC server "
20782
"<application>ircd-irc2</application>."
13126
msgid "The Ubuntu repository has many Internet Relay Chat servers. This section explains how to install and configure the original IRC server <application>ircd-irc2</application>."
20783
13127
msgstr ""
20784
13128
20785
13129
#: serverguide/C/chat.xml:39(para)
20786
msgid ""
20787
"To install <application>ircd-irc2</application>, run the following command "
20788
"in the command prompt:"
13130
msgid "To install <application>ircd-irc2</application>, run the following command in the command prompt:"
20789
13131
msgstr ""
20790
13132
20791
13133
#: serverguide/C/chat.xml:45(command)
20793
13135
msgstr ""
20794
13136
20795
13137
#: serverguide/C/chat.xml:48(para)
20796
msgid ""
20797
"The configuration files are stored in <filename>/etc/ircd</filename> "
20798
"directory. The documents are available in <filename>/usr/share/doc/ircd-"
20799
"irc2</filename> directory."
13138
msgid "The configuration files are stored in <filename>/etc/ircd</filename> directory. The documents are available in <filename>/usr/share/doc/ircd-irc2</filename> directory."
20800
13139
msgstr ""
20801
13140
20802
13141
#: serverguide/C/chat.xml:59(para)
20803
msgid ""
20804
"The IRC settings can be done in the configuration file "
20805
"<filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in "
20806
"this file by editing the following line:"
13142
msgid "The IRC settings can be done in the configuration file <filename>/etc/ircd/ircd.conf</filename>. You can set the IRC host name in this file by editing the following line:"
20807
13143
msgstr ""
20808
13144
20809
13145
#: serverguide/C/chat.xml:64(programlisting)
20810
13146
#, no-wrap
20811
msgid ""
20812
"\n"
20813
"M:irc.localhost::Debian ircd default configuration::000A\n"
13147
msgid "\nM:irc.localhost::Debian ircd default configuration::000A\n"
20814
13148
msgstr ""
20815
13149
20816
13150
#: serverguide/C/chat.xml:68(para)
20817
msgid ""
20818
"Please make sure you add DNS aliases for the IRC host name. For instance, if "
20819
"you set irc.livecipher.com as IRC host name, please make sure "
20820
"irc.livecipher.com is resolvable in your Domain Name Server. The IRC host "
20821
"name should not be same as the host name."
13151
msgid "Please make sure you add DNS aliases for the IRC host name. For instance, if you set irc.livecipher.com as IRC host name, please make sure irc.livecipher.com is resolvable in your Domain Name Server. The IRC host name should not be same as the host name."
20822
13152
msgstr ""
20823
13153
20824
13154
#: serverguide/C/chat.xml:75(para)
20825
msgid ""
20826
"The IRC admin details can be configured by editting the following line:"
13155
msgid "The IRC admin details can be configured by editting the following line:"
20827
13156
msgstr ""
20828
13157
20829
13158
#: serverguide/C/chat.xml:80(programlisting)
20830
13159
#, no-wrap
20831
msgid ""
20832
"\n"
20833
"A:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client "
20834
"Server::IRCnet:\n"
13160
msgid "\nA:Organization, IRC dept.:Daemon <ircd@example.irc.org>:Client Server::IRCnet:\n"
20835
13161
msgstr ""
20836
13162
20837
13163
#: serverguide/C/chat.xml:84(para)
20838
msgid ""
20839
"You should add specific lines to configure the list of IRC ports to listen "
20840
"on, to configure Operator credentials, to configure client authentication, "
20841
"etc. For details, please refer to the example configuration file "
20842
"<filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
13164
msgid "You should add specific lines to configure the list of IRC ports to listen on, to configure Operator credentials, to configure client authentication, etc. For details, please refer to the example configuration file <filename>/usr/share/doc/ircd-irc2/ircd.conf.example.gz</filename>."
20843
13165
msgstr ""
20844
13166
20845
13167
#: serverguide/C/chat.xml:92(para)
20846
msgid ""
20847
"The IRC banner to be displayed in the IRC client, when the user connects to "
20848
"the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
13168
msgid "The IRC banner to be displayed in the IRC client, when the user connects to the server can be set in <filename>/etc/ircd/ircd.motd</filename> file."
20849
13169
msgstr ""
20850
13170
20851
13171
#: serverguide/C/chat.xml:97(para)
20852
msgid ""
20853
"After making necessary changes to the configuration file, you can restart "
20854
"the IRC server using following command:"
13172
msgid "After making necessary changes to the configuration file, you can restart the IRC server using following command:"
20855
13173
msgstr ""
20856
13174
20857
13175
#: serverguide/C/chat.xml:101(programlisting)
20858
13176
#, no-wrap
20859
msgid ""
20860
"\n"
20861
"sudo /etc/init.d/ircd-irc2 restart\n"
13177
msgid "\nsudo /etc/init.d/ircd-irc2 restart\n"
20862
13178
msgstr ""
20863
13179
20864
13180
#: serverguide/C/chat.xml:109(para)
20865
msgid ""
20866
"You may also be interested to take a look at other IRC servers available in "
20867
"Ubuntu Repository. It includes, <application>ircd-ircu</application> and "
20868
"<application>ircd-hybrid</application>."
13181
msgid "You may also be interested to take a look at other IRC servers available in Ubuntu Repository. It includes, <application>ircd-ircu</application> and <application>ircd-hybrid</application>."
20869
13182
msgstr ""
20870
13183
20871
13184
#: serverguide/C/chat.xml:117(para)
20872
msgid ""
20873
"Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD "
20874
"FAQ</ulink> for more details about the IRC Server."
13185
msgid "Refer to <ulink url=\"http://www.irc.org/tech_docs/ircnet/faq.html\">IRCD FAQ</ulink> for more details about the IRC Server."
20875
13186
msgstr ""
20876
13187
20877
13188
#: serverguide/C/chat.xml:127(title)
20879
13190
msgstr ""
20880
13191
20881
13192
#: serverguide/C/chat.xml:129(para)
20882
msgid ""
20883
"<emphasis>Jabber</emphasis> a popular instant message protocol is based on "
20884
"XMPP, an open standard for instant messaging, and used by many popular "
20885
"applications. This section covers setting up a <emphasis>Jabberd "
20886
"2</emphasis> server on a local LAN. This configuration can also be adapted "
20887
"to providing messaging services to users over the Internet."
13193
msgid "<emphasis>Jabber</emphasis> a popular instant message protocol is based on XMPP, an open standard for instant messaging, and used by many popular applications. This section covers setting up a <emphasis>Jabberd 2</emphasis> server on a local LAN. This configuration can also be adapted to providing messaging services to users over the Internet."
20888
13194
msgstr ""
20889
13195
20890
13196
#: serverguide/C/chat.xml:138(para)
20896
13202
msgstr ""
20897
13203
20898
13204
#: serverguide/C/chat.xml:150(para)
20899
msgid ""
20900
"A couple of XML configuration files will be used to configure "
20901
"<application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user "
20902
"authentication. This is a very simple form of authentication. However, "
20903
"<application>jabberd2</application> can be configured to use LDAP, MySQL, "
20904
"Postgresql, etc for for user authentication."
13205
msgid "A couple of XML configuration files will be used to configure <application>jabberd2</application> for <emphasis>Berkely DB</emphasis> user authentication. This is a very simple form of authentication. However, <application>jabberd2</application> can be configured to use LDAP, MySQL, Postgresql, etc for for user authentication."
20905
13206
msgstr ""
20906
13207
20907
13208
#: serverguide/C/chat.xml:157(para)
20910
13211
20911
13212
#: serverguide/C/chat.xml:161(programlisting)
20912
13213
#, no-wrap
20913
msgid ""
20914
"\n"
20915
" <id>jabber.example.com</id>\n"
13214
msgid "\n <id>jabber.example.com</id>\n"
20916
13215
msgstr ""
20917
13216
20918
13217
#: serverguide/C/chat.xml:166(para)
20919
msgid ""
20920
"Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other "
20921
"id, of your server."
13218
msgid "Replace <emphasis>jabber.example.com</emphasis> with the hostname, or other id, of your server."
20922
13219
msgstr ""
20923
13220
20924
13221
#: serverguide/C/chat.xml:171(para)
20927
13224
20928
13225
#: serverguide/C/chat.xml:175(programlisting)
20929
13226
#, no-wrap
20930
msgid ""
20931
"\n"
20932
" <driver>db</driver>\n"
13227
msgid "\n <driver>db</driver>\n"
20933
13228
msgstr ""
20934
13229
20935
13230
#: serverguide/C/chat.xml:179(para)
20936
msgid ""
20937
"Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the "
20938
"<emphasis><local></emphasis> section change:"
13231
msgid "Next, edit <filename>/etc/jabberd2/c2s.xml</filename> in the <emphasis><local></emphasis> section change:"
20939
13232
msgstr ""
20940
13233
20941
13234
#: serverguide/C/chat.xml:183(programlisting)
20942
13235
#, no-wrap
20943
msgid ""
20944
"\n"
20945
" <id>jabber.example.com</id>\n"
13236
msgid "\n <id>jabber.example.com</id>\n"
20946
13237
msgstr ""
20947
13238
20948
13239
#: serverguide/C/chat.xml:187(para)
20949
msgid ""
20950
"And in the <authreg> section adjust the <module> section to:"
13240
msgid "And in the <authreg> section adjust the <module> section to:"
20951
13241
msgstr ""
20952
13242
20953
13243
#: serverguide/C/chat.xml:191(programlisting)
20954
13244
#, no-wrap
20955
msgid ""
20956
"\n"
20957
" <module>db</module>\n"
13245
msgid "\n <module>db</module>\n"
20958
13246
msgstr ""
20959
13247
20960
13248
#: serverguide/C/chat.xml:195(para)
20961
msgid ""
20962
"Finally, restart <application>jabberd2</application> to enable the new "
20963
"settings:"
13249
msgid "Finally, restart <application>jabberd2</application> to enable the new settings:"
20964
13250
msgstr ""
20965
13251
20966
13252
#: serverguide/C/chat.xml:200(command)
20968
13254
msgstr ""
20969
13255
20970
13256
#: serverguide/C/chat.xml:203(para)
20971
msgid ""
20972
"You should now be able to connect to the server using a Jabber client like "
20973
"<application>Pidgin</application> for example."
13257
msgid "You should now be able to connect to the server using a Jabber client like <application>Pidgin</application> for example."
20974
13258
msgstr ""
20975
13259
20976
13260
#: serverguide/C/chat.xml:208(para)
20977
msgid ""
20978
"The advantage of using Berkeley DB for user data is that after being "
20979
"configured no additional maintenance is required. If you need more control "
20980
"over user accounts and credentials another authentication method is "
20981
"recommended."
13261
msgid "The advantage of using Berkeley DB for user data is that after being configured no additional maintenance is required. If you need more control over user accounts and credentials another authentication method is recommended."
20982
13262
msgstr ""
20983
13263
20984
13264
#: serverguide/C/chat.xml:220(para)
20985
msgid ""
20986
"The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web "
20987
"Site</ulink> contains more details on configuring "
20988
"<application>Jabberd2</application>."
13265
msgid "The <ulink url=\"http://codex.xiaoka.com/wiki/jabberd2:start\">Jabberd2 Web Site</ulink> contains more details on configuring <application>Jabberd2</application>."
20989
13266
msgstr ""
20990
13267
20991
13268
#: serverguide/C/chat.xml:226(para)
20992
msgid ""
20993
"For more authentication options see the <ulink "
20994
"url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install "
20995
"Guide</ulink>."
13269
msgid "For more authentication options see the <ulink url=\"http://jabberd2.xiaoka.com/wiki/InstallGuide\">Jabberd2 Install Guide</ulink>."
20996
13270
msgstr ""
20997
13271
20998
13272
#: serverguide/C/backups.xml:13(title)
21000
13274
msgstr ""
21001
13275
21002
13276
#: serverguide/C/backups.xml:14(para)
21003
msgid ""
21004
"There are many ways to backup an Ubuntu installation. The most important "
21005
"thing about backups is to develop a <emphasis>backup plan</emphasis> "
21006
"consisting of what to backup, where to back it up to, and how to restore it."
13277
msgid "There are many ways to backup an Ubuntu installation. The most important thing about backups is to develop a <emphasis>backup plan</emphasis> consisting of what to backup, where to back it up to, and how to restore it."
21007
13278
msgstr ""
21008
13279
21009
13280
#: serverguide/C/backups.xml:18(para)
21010
msgid ""
21011
"The following sections discuss various ways of accomplishing these tasks."
13281
msgid "The following sections discuss various ways of accomplishing these tasks."
21012
13282
msgstr ""
21013
13283
21014
13284
#: serverguide/C/backups.xml:22(title)
21016
13286
msgstr ""
21017
13287
21018
13288
#: serverguide/C/backups.xml:23(para)
21019
msgid ""
21020
"One of the simplest ways to backup a system is using a <emphasis>shell "
21021
"script</emphasis>. For example, a script can be used to configure which "
21022
"directories to backup, and use those directories as arguments to the "
21023
"<application>tar</application> utility creating an archive file. The archive "
21024
"file can then be moved or copied to another location. The archive can also "
21025
"be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
13289
msgid "One of the simplest ways to backup a system is using a <emphasis>shell script</emphasis>. For example, a script can be used to configure which directories to backup, and use those directories as arguments to the <application>tar</application> utility creating an archive file. The archive file can then be moved or copied to another location. The archive can also be created on a remote file system such as an <emphasis>NFS</emphasis> mount."
21026
13290
msgstr ""
21027
13291
21028
13292
#: serverguide/C/backups.xml:29(para)
21029
msgid ""
21030
"The <application>tar</application> utility creates one archive file out of "
21031
"many files or directories. <application>tar</application> can also filter "
21032
"the files through compression utilities reducing the size of the archive "
21033
"file."
13293
msgid "The <application>tar</application> utility creates one archive file out of many files or directories. <application>tar</application> can also filter the files through compression utilities reducing the size of the archive file."
21034
13294
msgstr ""
21035
13295
21036
13296
#: serverguide/C/backups.xml:35(title)
21038
13298
msgstr ""
21039
13299
21040
13300
#: serverguide/C/backups.xml:36(para)
21041
msgid ""
21042
"The following shell script uses <application>tar</application> to create an "
21043
"archive file on a remotely mounted NFS file system. The archive filename is "
21044
"determined using additional command line utilities."
13301
msgid "The following shell script uses <application>tar</application> to create an archive file on a remotely mounted NFS file system. The archive filename is determined using additional command line utilities."
21045
13302
msgstr ""
21046
13303
21047
13304
#: serverguide/C/backups.xml:40(programlisting)
21048
13305
#, no-wrap
21049
msgid ""
21050
"\n"
21051
"#!/bin/sh\n"
21052
"####################################\n"
21053
"#\n"
21054
"# Backup to NFS mount script.\n"
21055
"#\n"
21056
"####################################\n"
21057
"\n"
21058
"# What to backup. \n"
21059
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
21060
"\n"
21061
"# Where to backup to.\n"
21062
"dest=\"/mnt/backup\"\n"
21063
"\n"
21064
"# Create archive filename.\n"
21065
"day=$(date +%A)\n"
21066
"hostname=$(hostname -s)\n"
21067
"archive_file=\"$hostname-$day.tgz\"\n"
21068
"\n"
21069
"# Print start status message.\n"
21070
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
21071
"date\n"
21072
"echo\n"
21073
"\n"
21074
"# Backup the files using tar.\n"
21075
"tar czf $dest/$archive_file $backup_files\n"
21076
"\n"
21077
"# Print end status message.\n"
21078
"echo\n"
21079
"echo \"Backup finished\"\n"
21080
"date\n"
21081
"\n"
21082
"# Long listing of files in $dest to check file sizes.\n"
21083
"ls -lh $dest\n"
13306
msgid "\n#!/bin/sh\n####################################\n#\n# Backup to NFS mount script.\n#\n####################################\n\n# What to backup. \nbackup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n\n# Where to backup to.\ndest=\"/mnt/backup\"\n\n# Create archive filename.\nday=$(date +%A)\nhostname=$(hostname -s)\narchive_file=\"$hostname-$day.tgz\"\n\n# Print start status message.\necho \"Backing up $backup_files to $dest/$archive_file\"\ndate\necho\n\n# Backup the files using tar.\ntar czf $dest/$archive_file $backup_files\n\n# Print end status message.\necho\necho \"Backup finished\"\ndate\n\n# Long listing of files in $dest to check file sizes.\nls -lh $dest\n"
21084
13307
msgstr ""
21085
13308
21086
13309
#: serverguide/C/backups.xml:77(para)
21087
msgid ""
21088
"<emphasis>$backup_files:</emphasis> a variable listing which directories you "
21089
"would like to backup. The list should be customized to fit your needs."
13310
msgid "<emphasis>$backup_files:</emphasis> a variable listing which directories you would like to backup. The list should be customized to fit your needs."
21090
13311
msgstr ""
21091
13312
21092
13313
#: serverguide/C/backups.xml:83(para)
21093
msgid ""
21094
"<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, "
21095
"Tuesday, Wednesday, etc). This is used to create an archive file for each "
21096
"day of the week, giving a backup history of seven days. There are other ways "
21097
"to accomplish this including other ways using the "
21098
"<application>date</application> utility."
13314
msgid "<emphasis>$day:</emphasis> a variable holding the day of the week (Monday, Tuesday, Wednesday, etc). This is used to create an archive file for each day of the week, giving a backup history of seven days. There are other ways to accomplish this including other ways using the <application>date</application> utility."
21099
13315
msgstr ""
21100
13316
21101
13317
#: serverguide/C/backups.xml:90(para)
21102
msgid ""
21103
"<emphasis>$hostname:</emphasis> variable containing the "
21104
"<emphasis>short</emphasis> hostname of the system. Using the hostname in the "
21105
"archive filename gives you the option of placing daily archive files from "
21106
"multiple systems in the same directory."
13318
msgid "<emphasis>$hostname:</emphasis> variable containing the <emphasis>short</emphasis> hostname of the system. Using the hostname in the archive filename gives you the option of placing daily archive files from multiple systems in the same directory."
21107
13319
msgstr ""
21108
13320
21109
13321
#: serverguide/C/backups.xml:97(para)
21111
13323
msgstr ""
21112
13324
21113
13325
#: serverguide/C/backups.xml:102(para)
21114
msgid ""
21115
"<emphasis>$dest:</emphasis> destination of the archive file. The directory "
21116
"needs to be created and in this case <emphasis>mounted</emphasis> before "
21117
"executing the backup script. See <xref linkend=\"network-file-system\"/> for "
21118
"details using <emphasis>NFS</emphasis>."
13326
msgid "<emphasis>$dest:</emphasis> destination of the archive file. The directory needs to be created and in this case <emphasis>mounted</emphasis> before executing the backup script. See <xref linkend=\"network-file-system\"/> for details using <emphasis>NFS</emphasis>."
21119
13327
msgstr ""
21120
13328
21121
13329
#: serverguide/C/backups.xml:109(para)
21122
msgid ""
21123
"<emphasis>status messages:</emphasis> optional messages printed to the "
21124
"console using the <application>echo</application> utility."
13330
msgid "<emphasis>status messages:</emphasis> optional messages printed to the console using the <application>echo</application> utility."
21125
13331
msgstr ""
21126
13332
21127
13333
#: serverguide/C/backups.xml:115(para)
21128
msgid ""
21129
"<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the "
21130
"<application>tar</application> command used to create the archive file."
13334
msgid "<emphasis>tar czf $dest/$archive_file $backup_files:</emphasis> the <application>tar</application> command used to create the archive file."
21131
13335
msgstr ""
21132
13336
21133
13337
#: serverguide/C/backups.xml:121(para)
21135
13339
msgstr ""
21136
13340
21137
13341
#: serverguide/C/backups.xml:126(para)
21138
msgid ""
21139
"<emphasis>z:</emphasis> filter the archive through the "
21140
"<application>gzip</application> utility compressing the archive."
13342
msgid "<emphasis>z:</emphasis> filter the archive through the <application>gzip</application> utility compressing the archive."
21141
13343
msgstr ""
21142
13344
21143
13345
#: serverguide/C/backups.xml:131(para)
21144
msgid ""
21145
"<emphasis>f:</emphasis> use archive file. Otherwise the "
21146
"<application>tar</application> output will be sent to STDOUT."
13346
msgid "<emphasis>f:</emphasis> use archive file. Otherwise the <application>tar</application> output will be sent to STDOUT."
21147
13347
msgstr ""
21148
13348
21149
13349
#: serverguide/C/backups.xml:138(para)
21150
msgid ""
21151
"<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-"
21152
"l</emphasis> long listing in <emphasis>-h</emphasis> human readable format "
21153
"of the destination directory. This is useful for a quick file size check of "
21154
"the archive file. This check should not replace testing the archive file."
13350
msgid "<emphasis>ls -lh $dest:</emphasis> optional statement prints a <emphasis>-l</emphasis> long listing in <emphasis>-h</emphasis> human readable format of the destination directory. This is useful for a quick file size check of the archive file. This check should not replace testing the archive file."
21155
13351
msgstr ""
21156
13352
21157
13353
#: serverguide/C/backups.xml:145(para)
21158
msgid ""
21159
"This is a simple example of a backup shell script. There are large amount of "
21160
"options that can be included in a backup script. See <xref linkend=\"backup-"
21161
"shellscript-references\"/> for links to resources providing more in depth "
21162
"shell scripting information."
13354
msgid "This is a simple example of a backup shell script. There are large amount of options that can be included in a backup script. See <xref linkend=\"backup-shellscript-references\"/> for links to resources providing more in depth shell scripting information."
21163
13355
msgstr ""
21164
13356
21165
13357
#: serverguide/C/backups.xml:152(title)
21171
13363
msgstr ""
21172
13364
21173
13365
#: serverguide/C/backups.xml:155(para)
21174
msgid ""
21175
"The simplest way of executing the above backup script is to copy and paste "
21176
"the contents into a file. <filename>backup.sh</filename> for example. Then "
21177
"from a terminal prompt:"
13366
msgid "The simplest way of executing the above backup script is to copy and paste the contents into a file. <filename>backup.sh</filename> for example. Then from a terminal prompt:"
21178
13367
msgstr ""
21179
13368
21180
13369
#: serverguide/C/backups.xml:160(command)
21182
13371
msgstr ""
21183
13372
21184
13373
#: serverguide/C/backups.xml:162(para)
21185
msgid ""
21186
"This is a great way to test the script to make sure everything works as "
21187
"expected."
13374
msgid "This is a great way to test the script to make sure everything works as expected."
21188
13375
msgstr ""
21189
13376
21190
13377
#: serverguide/C/backups.xml:167(title)
21192
13379
msgstr ""
21193
13380
21194
13381
#: serverguide/C/backups.xml:168(para)
21195
msgid ""
21196
"The <application>cron</application> utility can be used to automate the "
21197
"script execution. The <application>cron</application> daemon allows the "
21198
"execution of scripts, or commands, at a specified time and date."
13382
msgid "The <application>cron</application> utility can be used to automate the script execution. The <application>cron</application> daemon allows the execution of scripts, or commands, at a specified time and date."
21199
13383
msgstr ""
21200
13384
21201
13385
#: serverguide/C/backups.xml:172(para)
21202
msgid ""
21203
"<application>cron</application> is configured through entries in a "
21204
"<filename>crontab</filename> file. <filename>crontab</filename> files are "
21205
"separated into fields:"
13386
msgid "<application>cron</application> is configured through entries in a <filename>crontab</filename> file. <filename>crontab</filename> files are separated into fields:"
21206
13387
msgstr ""
21207
13388
21208
13389
#: serverguide/C/backups.xml:176(programlisting)
21209
13390
#, no-wrap
21210
msgid ""
21211
"\n"
21212
"# m h dom mon dow command\n"
13391
msgid "\n# m h dom mon dow command\n"
21213
13392
msgstr ""
21214
13393
21215
13394
#: serverguide/C/backups.xml:181(para)
21216
msgid ""
21217
"<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
13395
msgid "<emphasis>m:</emphasis> minute the command executes on between 0 and 59."
21218
13396
msgstr ""
21219
13397
21220
13398
#: serverguide/C/backups.xml:186(para)
21221
msgid ""
21222
"<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
13399
msgid "<emphasis>h:</emphasis> hour the command executes on between 0 and 23."
21223
13400
msgstr ""
21224
13401
21225
13402
#: serverguide/C/backups.xml:191(para)
21227
13404
msgstr ""
21228
13405
21229
13406
#: serverguide/C/backups.xml:196(para)
21230
msgid ""
21231
"<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
13407
msgid "<emphasis>mon:</emphasis> the month the command executes on between 1 and 12."
21232
13408
msgstr ""
21233
13409
21234
13410
#: serverguide/C/backups.xml:201(para)
21235
msgid ""
21236
"<emphasis>dow:</emphasis> the day of the week the command executes on "
21237
"between 0 and 7. Sunday may be specified by using 0 or 7, both values are "
21238
"valid."
13411
msgid "<emphasis>dow:</emphasis> the day of the week the command executes on between 0 and 7. Sunday may be specified by using 0 or 7, both values are valid."
21239
13412
msgstr ""
21240
13413
21241
13414
#: serverguide/C/backups.xml:206(para)
21243
13416
msgstr ""
21244
13417
21245
13418
#: serverguide/C/backups.xml:211(para)
21246
msgid ""
21247
"To add or change entries in a <filename>crontab</filename> file the "
21248
"<application>crontab -e</application> command should be used. Also, the "
21249
"contents of a <filename>crontab</filename> file can be viewed using the "
21250
"<application>crontab -l</application> command."
13419
msgid "To add or change entries in a <filename>crontab</filename> file the <application>crontab -e</application> command should be used. Also, the contents of a <filename>crontab</filename> file can be viewed using the <application>crontab -l</application> command."
21251
13420
msgstr ""
21252
13421
21253
13422
#: serverguide/C/backups.xml:215(para)
21254
msgid ""
21255
"To execute the <application>backup.sh</application> script listed above "
21256
"using <application>cron</application>. Enter the following from a terminal "
21257
"prompt:"
13423
msgid "To execute the <application>backup.sh</application> script listed above using <application>cron</application>. Enter the following from a terminal prompt:"
21258
13424
msgstr ""
21259
13425
21260
13426
#: serverguide/C/backups.xml:220(command)
21262
13428
msgstr ""
21263
13429
21264
13430
#: serverguide/C/backups.xml:223(para)
21265
msgid ""
21266
"Using <application>sudo</application> with the <application>crontab -"
21267
"e</application> command edits the <emphasis>root</emphasis> user's crontab. "
21268
"This is necessary if you are backing up directories only the root user has "
21269
"access to."
13431
msgid "Using <application>sudo</application> with the <application>crontab -e</application> command edits the <emphasis>root</emphasis> user's crontab. This is necessary if you are backing up directories only the root user has access to."
21270
13432
msgstr ""
21271
13433
21272
13434
#: serverguide/C/backups.xml:228(para)
21275
13437
21276
13438
#: serverguide/C/backups.xml:231(programlisting)
21277
13439
#, no-wrap
21278
msgid ""
21279
"\n"
21280
"# m h dom mon dow command\n"
21281
"0 0 * * * bash /usr/local/bin/backup.sh\n"
13440
msgid "\n# m h dom mon dow command\n0 0 * * * bash /usr/local/bin/backup.sh\n"
21282
13441
msgstr ""
21283
13442
21284
13443
#: serverguide/C/backups.xml:235(para)
21285
msgid ""
21286
"The <application>backup.sh</application> script will now be executed every "
21287
"day at 12:00 am."
13444
msgid "The <application>backup.sh</application> script will now be executed every day at 12:00 am."
21288
13445
msgstr ""
21289
13446
21290
13447
#: serverguide/C/backups.xml:239(para)
21291
msgid ""
21292
"The <application>backup.sh</application> script will need to be copied to "
21293
"the <filename>/usr/local/bin/</filename> directory in order for this entry "
21294
"to execute properly. The script can reside anywhere on the file system "
21295
"simply change the script path appropriately."
13448
msgid "The <application>backup.sh</application> script will need to be copied to the <filename>/usr/local/bin/</filename> directory in order for this entry to execute properly. The script can reside anywhere on the file system simply change the script path appropriately."
21296
13449
msgstr ""
21297
13450
21298
13451
#: serverguide/C/backups.xml:244(para)
21299
msgid ""
21300
"For more in depth <application>crontab</application> options see <xref "
21301
"linkend=\"backup-shellscript-references\"/>."
13452
msgid "For more in depth <application>crontab</application> options see <xref linkend=\"backup-shellscript-references\"/>."
21302
13453
msgstr ""
21303
13454
21304
13455
#: serverguide/C/backups.xml:250(title)
21306
13457
msgstr ""
21307
13458
21308
13459
#: serverguide/C/backups.xml:251(para)
21309
msgid ""
21310
"Once an archive has been created it is important to test the archive. The "
21311
"archive can be tested by listing the files it contains, but the best test is "
21312
"to <emphasis>restore</emphasis> a file from the archive."
13460
msgid "Once an archive has been created it is important to test the archive. The archive can be tested by listing the files it contains, but the best test is to <emphasis>restore</emphasis> a file from the archive."
21313
13461
msgstr ""
21314
13462
21315
13463
#: serverguide/C/backups.xml:257(para)
21329
13477
msgstr ""
21330
13478
21331
13479
#: serverguide/C/backups.xml:271(para)
21332
msgid ""
21333
"The <emphasis>-C</emphasis> option to <application>tar</application> "
21334
"redirects the extracted files to the specified directory. The above example "
21335
"will extract the <filename>/etc/hosts</filename> file to "
21336
"<filename>/tmp/etc/hosts</filename>. <application>tar</application> "
21337
"recreates the directory structure that it contains."
13480
msgid "The <emphasis>-C</emphasis> option to <application>tar</application> redirects the extracted files to the specified directory. The above example will extract the <filename>/etc/hosts</filename> file to <filename>/tmp/etc/hosts</filename>. <application>tar</application> recreates the directory structure that it contains."
21338
13481
msgstr ""
21339
13482
21340
13483
#: serverguide/C/backups.xml:276(para)
21341
msgid ""
21342
"Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of "
21343
"the file to restore."
13484
msgid "Also, notice the leading <emphasis>\"/\"</emphasis> is left off the path of the file to restore."
21344
13485
msgstr ""
21345
13486
21346
13487
#: serverguide/C/backups.xml:281(para)
21360
13501
msgstr ""
21361
13502
21362
13503
#: serverguide/C/backups.xml:300(para)
21363
msgid ""
21364
"For more information on shell scripting see the <ulink "
21365
"url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
13504
msgid "For more information on shell scripting see the <ulink url=\"http://tldp.org/LDP/abs/html/\">Advanced Bash-Scripting Guide</ulink>"
21366
13505
msgstr ""
21367
13506
21368
13507
#: serverguide/C/backups.xml:305(para)
21369
msgid ""
21370
"The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach "
21371
"Yourself Shell Programming in 24 Hours</ulink> is available online and a "
21372
"great resource for shell scripting."
13508
msgid "The book <ulink url=\"http://safari.samspublishing.com/0672323583\">Teach Yourself Shell Programming in 24 Hours</ulink> is available online and a great resource for shell scripting."
21373
13509
msgstr ""
21374
13510
21375
13511
#: serverguide/C/backups.xml:311(para)
21376
msgid ""
21377
"The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto "
21378
"Wiki Page</ulink> contains details on advanced "
21379
"<application>cron</application> options."
13512
msgid "The <ulink url=\"https://help.ubuntu.com/community/CronHowto\">CronHowto Wiki Page</ulink> contains details on advanced <application>cron</application> options."
21380
13513
msgstr ""
21381
13514
21382
13515
#: serverguide/C/backups.xml:318(para)
21383
msgid ""
21384
"See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU "
21385
"tar Manual</ulink> for more <application>tar</application> options."
13516
msgid "See the <ulink url=\"http://www.gnu.org/software/tar/manual/index.html\">GNU tar Manual</ulink> for more <application>tar</application> options."
21386
13517
msgstr ""
21387
13518
21388
13519
#: serverguide/C/backups.xml:324(para)
21389
msgid ""
21390
"The Wikipedia <ulink "
21391
"url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation "
21392
"Scheme</ulink> article contains information on other backup rotation schemes."
13520
msgid "The Wikipedia <ulink url=\"http://en.wikipedia.org/wiki/Backup_rotation_scheme\">Backup Rotation Scheme</ulink> article contains information on other backup rotation schemes."
21393
13521
msgstr ""
21394
13522
21395
13523
#: serverguide/C/backups.xml:330(para)
21396
msgid ""
21397
"The shell script uses <application>tar</application> to create the archive, "
21398
"but there many other command line utilities that can be used. For example:"
13524
msgid "The shell script uses <application>tar</application> to create the archive, but there many other command line utilities that can be used. For example:"
21399
13525
msgstr ""
21400
13526
21401
13527
#: serverguide/C/backups.xml:336(para)
21402
msgid ""
21403
"<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy "
21404
"files to and from archives."
13528
msgid "<ulink url=\"http://www.gnu.org/software/cpio/\">cpio</ulink>: used to copy files to and from archives."
21405
13529
msgstr ""
21406
13530
21407
13531
#: serverguide/C/backups.xml:341(para)
21408
msgid ""
21409
"<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of "
21410
"the <application>coreutils</application> package. A low level utility that "
21411
"can copy data from one format to another"
13532
msgid "<ulink url=\"http://www.gnu.org/software/coreutils/\">dd</ulink>: part of the <application>coreutils</application> package. A low level utility that can copy data from one format to another"
21412
13533
msgstr ""
21413
13534
21414
13535
#: serverguide/C/backups.xml:347(para)
21415
msgid ""
21416
"<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system "
21417
"snap shot utility used to create copies of an entire file system."
13536
msgid "<ulink url=\"http://www.rsnapshot.org/\">rsnapshot</ulink>: a file system snap shot utility used to create copies of an entire file system."
21418
13537
msgstr ""
21419
13538
21420
13539
#: serverguide/C/backups.xml:358(title)
21422
13541
msgstr ""
21423
13542
21424
13543
#: serverguide/C/backups.xml:359(para)
21425
msgid ""
21426
"The shell script in section <xref linkend=\"backup-shellscripts\"/> only "
21427
"allows for seven different archives. For a server whose data doesn't change "
21428
"often this may be enough. If the server has a large amount of data a more "
21429
"robust rotation scheme should be used."
13544
msgid "The shell script in section <xref linkend=\"backup-shellscripts\"/> only allows for seven different archives. For a server whose data doesn't change often this may be enough. If the server has a large amount of data a more robust rotation scheme should be used."
21430
13545
msgstr ""
21431
13546
21432
13547
#: serverguide/C/backups.xml:365(title)
21434
13549
msgstr ""
21435
13550
21436
13551
#: serverguide/C/backups.xml:366(para)
21437
msgid ""
21438
"In this section the shell script will be slightly modified to implement a "
21439
"grandfather-father-son rotation scheme (monthly-weekly-daily):"
13552
msgid "In this section the shell script will be slightly modified to implement a grandfather-father-son rotation scheme (monthly-weekly-daily):"
21440
13553
msgstr ""
21441
13554
21442
13555
#: serverguide/C/backups.xml:372(para)
21443
msgid ""
21444
"The rotation will do a <emphasis>daily</emphasis> backup Sunday through "
21445
"Friday."
13556
msgid "The rotation will do a <emphasis>daily</emphasis> backup Sunday through Friday."
21446
13557
msgstr ""
21447
13558
21448
13559
#: serverguide/C/backups.xml:377(para)
21449
msgid ""
21450
"On Saturday a <emphasis>weekly</emphasis> backup is done giving you four "
21451
"weekly backups a month."
13560
msgid "On Saturday a <emphasis>weekly</emphasis> backup is done giving you four weekly backups a month."
21452
13561
msgstr ""
21453
13562
21454
13563
#: serverguide/C/backups.xml:382(para)
21455
msgid ""
21456
"The <emphasis>monthly</emphasis> backup is done on the first of the month "
21457
"rotating two monthly backups based on if the month is odd or even."
13564
msgid "The <emphasis>monthly</emphasis> backup is done on the first of the month rotating two monthly backups based on if the month is odd or even."
21458
13565
msgstr ""
21459
13566
21460
13567
#: serverguide/C/backups.xml:388(para)
21463
13570
21464
13571
#: serverguide/C/backups.xml:391(programlisting)
21465
13572
#, no-wrap
21466
msgid ""
21467
"\n"
21468
"#!/bin/bash\n"
21469
"####################################\n"
21470
"#\n"
21471
"# Backup to NFS mount script with\n"
21472
"# grandfather-father-son rotation.\n"
21473
"#\n"
21474
"####################################\n"
21475
"\n"
21476
"# What to backup. \n"
21477
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
21478
"\n"
21479
"# Where to backup to.\n"
21480
"dest=\"/mnt/backup\"\n"
21481
"\n"
21482
"# Setup variables for the archive filename.\n"
21483
"day=$(date +%A)\n"
21484
"hostname=$(hostname -s)\n"
21485
"\n"
21486
"# Find which week of the month 1-4 it is.\n"
21487
"day_num=$(date +%d)\n"
21488
"if (( $day_num <= 7 )); then\n"
21489
" week_file=\"$hostname-week1.tgz\"\n"
21490
"elif (( $day_num > 7 && $day_num <= 14 )); then\n"
21491
" week_file=\"$hostname-week2.tgz\"\n"
21492
"elif (( $day_num > 14 && $day_num <= 21 )); then\n"
21493
" week_file=\"$hostname-week3.tgz\"\n"
21494
"elif (( $day_num > 21 && $day_num < 32 )); then\n"
21495
" week_file=\"$hostname-week4.tgz\"\n"
21496
"fi\n"
21497
"\n"
21498
"# Find if the Month is odd or even.\n"
21499
"month_num=$(date +%m)\n"
21500
"month=$(expr $month_num % 2)\n"
21501
"if [ $month -eq 0 ]; then\n"
21502
" month_file=\"$hostname-month2.tgz\"\n"
21503
"else\n"
21504
" month_file=\"$hostname-month1.tgz\"\n"
21505
"fi\n"
21506
"\n"
21507
"# Create archive filename.\n"
21508
"if [ $day_num == 1 ]; then\n"
21509
"\tarchive_file=$month_file\n"
21510
"elif [ $day != \"Saturday\" ]; then\n"
21511
" archive_file=\"$hostname-$day.tgz\"\n"
21512
"else \n"
21513
"\tarchive_file=$week_file\n"
21514
"fi\n"
21515
"\n"
21516
"# Print start status message.\n"
21517
"echo \"Backing up $backup_files to $dest/$archive_file\"\n"
21518
"date\n"
21519
"echo\n"
21520
"\n"
21521
"# Backup the files using tar.\n"
21522
"tar czf $dest/$archive_file $backup_files\n"
21523
"\n"
21524
"# Print end status message.\n"
21525
"echo\n"
21526
"echo \"Backup finished\"\n"
21527
"date\n"
21528
"\n"
21529
"# Long listing of files in $dest to check file sizes.\n"
21530
"ls -lh $dest/\n"
13573
msgid "\n#!/bin/bash\n####################################\n#\n# Backup to NFS mount script with\n# grandfather-father-son rotation.\n#\n####################################\n\n# What to backup. \nbackup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n\n# Where to backup to.\ndest=\"/mnt/backup\"\n\n# Setup variables for the archive filename.\nday=$(date +%A)\nhostname=$(hostname -s)\n\n# Find which week of the month 1-4 it is.\nday_num=$(date +%d)\nif (( $day_num <= 7 )); then\n week_file=\"$hostname-week1.tgz\"\nelif (( $day_num > 7 && $day_num <= 14 )); then\n week_file=\"$hostname-week2.tgz\"\nelif (( $day_num > 14 && $day_num <= 21 )); then\n week_file=\"$hostname-week3.tgz\"\nelif (( $day_num > 21 && $day_num < 32 )); then\n week_file=\"$hostname-week4.tgz\"\nfi\n\n# Find if the Month is odd or even.\nmonth_num=$(date +%m)\nmonth=$(expr $month_num % 2)\nif [ $month -eq 0 ]; then\n month_file=\"$hostname-month2.tgz\"\nelse\n month_file=\"$hostname-month1.tgz\"\nfi\n\n# Create archive filename.\nif [ $day_num == 1 ]; then\n\tarchive_file=$month_file\nelif [ $day != \"Saturday\" ]; then\n archive_file=\"$hostname-$day.tgz\"\nelse \n\tarchive_file=$week_file\nfi\n\n# Print start status message.\necho \"Backing up $backup_files to $dest/$archive_file\"\ndate\necho\n\n# Backup the files using tar.\ntar czf $dest/$archive_file $backup_files\n\n# Print end status message.\necho\necho \"Backup finished\"\ndate\n\n# Long listing of files in $dest to check file sizes.\nls -lh $dest/\n"
21531
13574
msgstr ""
21532
13575
21533
13576
#: serverguide/C/backups.xml:456(para)
21534
msgid ""
21535
"The script can be executed using the same methods as in <xref "
21536
"linkend=\"backup-executing-shellscript\"/>."
13577
msgid "The script can be executed using the same methods as in <xref linkend=\"backup-executing-shellscript\"/>."
21537
13578
msgstr ""
21538
13579
21539
13580
#: serverguide/C/backups.xml:459(para)
21540
msgid ""
21541
"It is good practice to take backup media off site in case of a disaster. In "
21542
"the shell script example the backup media is another server providing an NFS "
21543
"share. In all likelihood taking the NFS server to another location would not "
21544
"be practical. Depending upon connection speeds it may be an option to copy "
21545
"the archive file over a WAN link to a server in another location."
13581
msgid "It is good practice to take backup media off site in case of a disaster. In the shell script example the backup media is another server providing an NFS share. In all likelihood taking the NFS server to another location would not be practical. Depending upon connection speeds it may be an option to copy the archive file over a WAN link to a server in another location."
21546
13582
msgstr ""
21547
13583
21548
13584
#: serverguide/C/backups.xml:465(para)
21549
msgid ""
21550
"Another option is to copy the archive file to an external hard drive which "
21551
"can then be taken off site. Since the price of external hard drives continue "
21552
"to decrease it may be cost affective to use two drives for each archive "
21553
"level. This would allow you to have one external drive attached to the "
21554
"backup server and one in another location."
13585
msgid "Another option is to copy the archive file to an external hard drive which can then be taken off site. Since the price of external hard drives continue to decrease it may be cost affective to use two drives for each archive level. This would allow you to have one external drive attached to the backup server and one in another location."
21555
13586
msgstr ""
21556
13587
21557
13588
#: serverguide/C/backups.xml:472(title)
21559
13590
msgstr ""
21560
13591
21561
13592
#: serverguide/C/backups.xml:473(para)
21562
msgid ""
21563
"A tape drive attached to the server can be used instead of a NFS share. "
21564
"Using a tape drive simplifies archive rotation, and taking the media off "
21565
"site as well."
13593
msgid "A tape drive attached to the server can be used instead of a NFS share. Using a tape drive simplifies archive rotation, and taking the media off site as well."
21566
13594
msgstr ""
21567
13595
21568
13596
#: serverguide/C/backups.xml:477(para)
21569
msgid ""
21570
"When using a tape drive the filename portions of the script aren't needed "
21571
"because the date is sent directly to the tape device. Some commands to "
21572
"manipulate the tape are needed. This is accomplished using "
21573
"<application>mt</application>, a magnetic tape control utility part of the "
21574
"<application>cpio</application> package."
13597
msgid "When using a tape drive the filename portions of the script aren't needed because the date is sent directly to the tape device. Some commands to manipulate the tape are needed. This is accomplished using <application>mt</application>, a magnetic tape control utility part of the <application>cpio</application> package."
21575
13598
msgstr ""
21576
13599
21577
13600
#: serverguide/C/backups.xml:482(para)
21580
13603
21581
13604
#: serverguide/C/backups.xml:485(programlisting)
21582
13605
#, no-wrap
21583
msgid ""
21584
"\n"
21585
"#!/bin/bash\n"
21586
"####################################\n"
21587
"#\n"
21588
"# Backup to tape drive script.\n"
21589
"#\n"
21590
"####################################\n"
21591
"\n"
21592
"# What to backup. \n"
21593
"backup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n"
21594
"\n"
21595
"# Where to backup to.\n"
21596
"dest=\"/dev/st0\"\n"
21597
"\n"
21598
"# Print start status message.\n"
21599
"echo \"Backing up $backup_files to $dest\"\n"
21600
"date\n"
21601
"echo\n"
21602
"\n"
21603
"# Make sure the tape is rewound.\n"
21604
"mt -f $dest rewind\n"
21605
"\n"
21606
"# Backup the files using tar.\n"
21607
"tar czf $dest $backup_files\n"
21608
"\n"
21609
"# Rewind and eject the tape.\n"
21610
"mt -f $dest rewoffl\n"
21611
"\n"
21612
"# Print end status message.\n"
21613
"echo\n"
21614
"echo \"Backup finished\"\n"
21615
"date\n"
13606
msgid "\n#!/bin/bash\n####################################\n#\n# Backup to tape drive script.\n#\n####################################\n\n# What to backup. \nbackup_files=\"/home /var/spool/mail /etc /root /boot /opt\"\n\n# Where to backup to.\ndest=\"/dev/st0\"\n\n# Print start status message.\necho \"Backing up $backup_files to $dest\"\ndate\necho\n\n# Make sure the tape is rewound.\nmt -f $dest rewind\n\n# Backup the files using tar.\ntar czf $dest $backup_files\n\n# Rewind and eject the tape.\nmt -f $dest rewoffl\n\n# Print end status message.\necho\necho \"Backup finished\"\ndate\n"
21616
13607
msgstr ""
21617
13608
21618
13609
#: serverguide/C/backups.xml:519(para)
21619
msgid ""
21620
"The default device name for a SCSI tape drive is "
21621
"<filename>/dev/st0</filename>. Use the appropriate device path for your "
21622
"system."
13610
msgid "The default device name for a SCSI tape drive is <filename>/dev/st0</filename>. Use the appropriate device path for your system."
21623
13611
msgstr ""
21624
13612
21625
13613
#: serverguide/C/backups.xml:524(para)
21626
msgid ""
21627
"Restoring from a tape drive is basically the same as restoring from a file. "
21628
"Simply rewind the tape and use the device path instead of a file path. For "
21629
"example to restore the <filename>/etc/hosts</filename> file to "
21630
"<filename>/tmp/etc/hosts</filename>:"
13614
msgid "Restoring from a tape drive is basically the same as restoring from a file. Simply rewind the tape and use the device path instead of a file path. For example to restore the <filename>/etc/hosts</filename> file to <filename>/tmp/etc/hosts</filename>:"
21631
13615
msgstr ""
21632
13616
21633
13617
#: serverguide/C/backups.xml:529(command)
21643
13627
msgstr ""
21644
13628
21645
13629
#: serverguide/C/backups.xml:536(para)
21646
msgid ""
21647
"<application>Bacula</application> is a backup program enabling you to "
21648
"backup, restore, and verify data across your network. There are Bacula "
21649
"clients for Linux, Windows, and Mac OSX. Making it a cross platform network "
21650
"wide solution."
13630
msgid "<application>Bacula</application> is a backup program enabling you to backup, restore, and verify data across your network. There are Bacula clients for Linux, Windows, and Mac OSX. Making it a cross platform network wide solution."
21651
13631
msgstr ""
21652
13632
21653
13633
#: serverguide/C/backups.xml:542(para)
21654
msgid ""
21655
"<application>Bacula</application> is made up of several components and "
21656
"services used to manage which files to backup and where to back them up to:"
13634
msgid "<application>Bacula</application> is made up of several components and services used to manage which files to backup and where to back them up to:"
21657
13635
msgstr ""
21658
13636
21659
13637
#: serverguide/C/backups.xml:548(para)
21660
msgid ""
21661
"<application>Bacula Director:</application> a service that controls all "
21662
"backup, restore, verify, and archive operations."
13638
msgid "<application>Bacula Director:</application> a service that controls all backup, restore, verify, and archive operations."
21663
13639
msgstr ""
21664
13640
21665
13641
#: serverguide/C/backups.xml:553(para)
21666
msgid ""
21667
"<application>Bacula Console:</application> an application allowing "
21668
"communication with the Director. There are three versions of the Console:"
13642
msgid "<application>Bacula Console:</application> an application allowing communication with the Director. There are three versions of the Console:"
21669
13643
msgstr ""
21670
13644
21671
13645
#: serverguide/C/backups.xml:558(para)
21681
13655
msgstr ""
21682
13656
21683
13657
#: serverguide/C/backups.xml:564(para)
21684
msgid ""
21685
"<application>Bacula File:</application> also known as the "
21686
"<application>Bacula Client</application> program. This application is "
21687
"installed on machines to be backed up, and is responsible for the data "
21688
"requested by the Director."
13658
msgid "<application>Bacula File:</application> also known as the <application>Bacula Client</application> program. This application is installed on machines to be backed up, and is responsible for the data requested by the Director."
21689
13659
msgstr ""
21690
13660
21691
13661
#: serverguide/C/backups.xml:570(para)
21692
msgid ""
21693
"<application>Bacula Storage:</application> the programs that perform the "
21694
"storage and recovery of data to the physical media."
13662
msgid "<application>Bacula Storage:</application> the programs that perform the storage and recovery of data to the physical media."
21695
13663
msgstr ""
21696
13664
21697
13665
#: serverguide/C/backups.xml:575(para)
21698
msgid ""
21699
"<application>Bacula Catalog:</application> is responsible for maintaining "
21700
"the file indexes and volume databases for all files backed up, enabling "
21701
"quick location and restoration of archived files. The Catalog supports three "
21702
"different databases MySQL, PostgreSQL, and SQLite."
13666
msgid "<application>Bacula Catalog:</application> is responsible for maintaining the file indexes and volume databases for all files backed up, enabling quick location and restoration of archived files. The Catalog supports three different databases MySQL, PostgreSQL, and SQLite."
21703
13667
msgstr ""
21704
13668
21705
13669
#: serverguide/C/backups.xml:581(para)
21706
msgid ""
21707
"<application>Bacula Monitor:</application> allows the monitoring of the "
21708
"Director, File daemons, and Storage daemons. Currently the Monitor is only "
21709
"available as a GTK+ GUI application."
13670
msgid "<application>Bacula Monitor:</application> allows the monitoring of the Director, File daemons, and Storage daemons. Currently the Monitor is only available as a GTK+ GUI application."
21710
13671
msgstr ""
21711
13672
21712
13673
#: serverguide/C/backups.xml:587(para)
21713
msgid ""
21714
"These services and applications can be run on multiple servers and clients, "
21715
"or they can be installed on one machine if backing up a single disk or "
21716
"volume."
13674
msgid "These services and applications can be run on multiple servers and clients, or they can be installed on one machine if backing up a single disk or volume."
21717
13675
msgstr ""
21718
13676
21719
13677
#: serverguide/C/backups.xml:594(para)
21720
msgid ""
21721
"There are multiple packages containing the different "
21722
"<application>Bacula</application> components. To install Bacula, from a "
21723
"terminal prompt enter:"
13678
msgid "There are multiple packages containing the different <application>Bacula</application> components. To install Bacula, from a terminal prompt enter:"
21724
13679
msgstr ""
21725
13680
21726
13681
#: serverguide/C/backups.xml:599(command)
21728
13683
msgstr ""
21729
13684
21730
13685
#: serverguide/C/backups.xml:601(para)
21731
msgid ""
21732
"By default installing the <application>bacula</application> package will use "
21733
"a <application>MySQL</application> database for the Catalog. If you want to "
21734
"use SQLite or PostgreSQL, for the Catalog, install <application>bacula-"
21735
"director-sqlite3</application> or <application>bacula-director-"
21736
"pgsql</application> respectively."
13686
msgid "By default installing the <application>bacula</application> package will use a <application>MySQL</application> database for the Catalog. If you want to use SQLite or PostgreSQL, for the Catalog, install <application>bacula-director-sqlite3</application> or <application>bacula-director-pgsql</application> respectively."
21737
13687
msgstr ""
21738
13688
21739
13689
#: serverguide/C/backups.xml:607(para)
21740
msgid ""
21741
"During the install process you will be asked to supply credentials for the "
21742
"database <emphasis>administrator</emphasis> and the "
21743
"<emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The "
21744
"database administrator will need to have the appropriate rights to create a "
21745
"database, see <xref linkend=\"mysql\"/> for more information."
13690
msgid "During the install process you will be asked to supply credentials for the database <emphasis>administrator</emphasis> and the <emphasis>bacula</emphasis> database <emphasis>owner</emphasis>. The database administrator will need to have the appropriate rights to create a database, see <xref linkend=\"mysql\"/> for more information."
21746
13691
msgstr ""
21747
13692
21748
13693
#: serverguide/C/backups.xml:617(para)
21749
msgid ""
21750
"<application>Bacula</application> configuration files are formatted based on "
21751
"<emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> "
21752
"surrounded by <quote>{}</quote> braces. Each Bacula component has an "
21753
"individual file in the <filename role=\"directory\">/etc/bacula</filename> "
21754
"directory."
13694
msgid "<application>Bacula</application> configuration files are formatted based on <emphasis>resources</emphasis> comprising of <emphasis>directives</emphasis> surrounded by <quote>{}</quote> braces. Each Bacula component has an individual file in the <filename role=\"directory\">/etc/bacula</filename> directory."
21755
13695
msgstr ""
21756
13696
21757
13697
#: serverguide/C/backups.xml:622(para)
21758
msgid ""
21759
"The various <application>Bacula</application> components must authorize "
21760
"themselves to each other. This is accomplished using the "
21761
"<emphasis>password</emphasis> directive. For example, the "
21762
"<emphasis>Storage</emphasis> resource password in the "
21763
"<filename>/etc/bacula/bacula-dir.conf</filename> file must match the "
21764
"<emphasis>Director</emphasis> resource password in "
21765
"<filename>/etc/bacula/bacula-sd.conf</filename>."
13698
msgid "The various <application>Bacula</application> components must authorize themselves to each other. This is accomplished using the <emphasis>password</emphasis> directive. For example, the <emphasis>Storage</emphasis> resource password in the <filename>/etc/bacula/bacula-dir.conf</filename> file must match the <emphasis>Director</emphasis> resource password in <filename>/etc/bacula/bacula-sd.conf</filename>."
21766
13699
msgstr ""
21767
13700
21768
13701
#: serverguide/C/backups.xml:628(para)
21769
msgid ""
21770
"By default the backup job named <emphasis>Client1</emphasis> is configured "
21771
"to archive the <application>Bacula</application> Catalog. If you plan on "
21772
"using the server to backup more than one client you should change the name "
21773
"of this job to something more descriptive. To change the name edit "
21774
"<filename>/etc/bacula/bacula-dir.conf</filename>:"
13702
msgid "By default the backup job named <emphasis>Client1</emphasis> is configured to archive the <application>Bacula</application> Catalog. If you plan on using the server to backup more than one client you should change the name of this job to something more descriptive. To change the name edit <filename>/etc/bacula/bacula-dir.conf</filename>:"
21775
13703
msgstr ""
21776
13704
21777
13705
#: serverguide/C/backups.xml:633(programlisting)
21778
13706
#, no-wrap
21779
msgid ""
21780
"\n"
21781
"#\n"
21782
"# Define the main nightly save backup job\n"
21783
"# By default, this job will back up to disk in \n"
21784
"Job {\n"
21785
" Name = \"BackupServer\"\n"
21786
" JobDefs = \"DefaultJob\"\n"
21787
" Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n"
21788
"}\n"
13707
msgid "\n#\n# Define the main nightly save backup job\n# By default, this job will back up to disk in \nJob {\n Name = \"BackupServer\"\n JobDefs = \"DefaultJob\"\n Write Bootstrap = \"/var/lib/bacula/Client1.bsr\"\n}\n"
21789
13708
msgstr ""
21790
13709
21791
13710
#: serverguide/C/backups.xml:644(para)
21792
msgid ""
21793
"The example above changes the job name to <emphasis>BackupServer</emphasis> "
21794
"matching the machine's host name. Replace <quote>BackupServer</quote> with "
21795
"your appropriate hostname, or other descriptive name."
13711
msgid "The example above changes the job name to <emphasis>BackupServer</emphasis> matching the machine's host name. Replace <quote>BackupServer</quote> with your appropriate hostname, or other descriptive name."
21796
13712
msgstr ""
21797
13713
21798
13714
#: serverguide/C/backups.xml:649(para)
21799
msgid ""
21800
"The <emphasis>Console</emphasis> can be used to query the "
21801
"<emphasis>Director</emphasis> about jobs, but to use the Console with a "
21802
"<emphasis>non-root</emphasis> user, the user needs to be in the "
21803
"<emphasis>bacula</emphasis> group. To add a user to the bacula group enter "
21804
"the following from a terminal:"
13715
msgid "The <emphasis>Console</emphasis> can be used to query the <emphasis>Director</emphasis> about jobs, but to use the Console with a <emphasis>non-root</emphasis> user, the user needs to be in the <emphasis>bacula</emphasis> group. To add a user to the bacula group enter the following from a terminal:"
21805
13716
msgstr ""
21806
13717
21807
13718
#: serverguide/C/backups.xml:655(command)
21809
13720
msgstr ""
21810
13721
21811
13722
#: serverguide/C/backups.xml:658(para)
21812
msgid ""
21813
"Replace <emphasis>$username</emphasis> with the actual username. Also, if "
21814
"you are adding the current user to the group you should log out and back in "
21815
"for the new permissions to take effect."
13723
msgid "Replace <emphasis>$username</emphasis> with the actual username. Also, if you are adding the current user to the group you should log out and back in for the new permissions to take effect."
21816
13724
msgstr ""
21817
13725
21818
13726
#: serverguide/C/backups.xml:665(title)
21820
13728
msgstr ""
21821
13729
21822
13730
#: serverguide/C/backups.xml:666(para)
21823
msgid ""
21824
"This section describes how to backup specified directories on a single host "
21825
"to a local tape drive."
13731
msgid "This section describes how to backup specified directories on a single host to a local tape drive."
21826
13732
msgstr ""
21827
13733
21828
13734
#: serverguide/C/backups.xml:671(para)
21829
msgid ""
21830
"First, the <emphasis>Storage</emphasis> device needs to be configured. Edit "
21831
"<filename>/etc/bacula/bacula-sd.conf</filename> add:"
13735
msgid "First, the <emphasis>Storage</emphasis> device needs to be configured. Edit <filename>/etc/bacula/bacula-sd.conf</filename> add:"
21832
13736
msgstr ""
21833
13737
21834
13738
#: serverguide/C/backups.xml:674(programlisting)
21835
13739
#, no-wrap
21836
msgid ""
21837
"\n"
21838
"Device {\n"
21839
" Name = \"Tape Drive\"\n"
21840
" Device Type = tape\n"
21841
" Media Type = DDS-4\n"
21842
" Archive Device = /dev/st0\n"
21843
" Hardware end of medium = No;\n"
21844
" AutomaticMount = yes; # when device opened, read it\n"
21845
" AlwaysOpen = Yes;\n"
21846
" RemovableMedia = yes;\n"
21847
" RandomAccess = no;\n"
21848
" Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n"
21849
"}\n"
13740
msgid "\nDevice {\n Name = \"Tape Drive\"\n Device Type = tape\n Media Type = DDS-4\n Archive Device = /dev/st0\n Hardware end of medium = No;\n AutomaticMount = yes; # when device opened, read it\n AlwaysOpen = Yes;\n RemovableMedia = yes;\n RandomAccess = no;\n Alert Command = \"sh -c 'tapeinfo -f %c | grep TapeAlert'\"\n}\n"
21850
13741
msgstr ""
21851
13742
21852
13743
#: serverguide/C/backups.xml:688(para)
21853
msgid ""
21854
"The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media "
21855
"Type and Archive Device to match your hardware."
13744
msgid "The example is for a <emphasis>DDS-4</emphasis> tape drive. Adjust the Media Type and Archive Device to match your hardware."
21856
13745
msgstr ""
21857
13746
21858
13747
#: serverguide/C/backups.xml:691(para)
21860
13749
msgstr ""
21861
13750
21862
13751
#: serverguide/C/backups.xml:696(para)
21863
msgid ""
21864
"After editing <filename>/etc/bacula/bacula-sd.conf</filename> the "
21865
"<application>Storage</application> daemon will need to be restarted:"
13752
msgid "After editing <filename>/etc/bacula/bacula-sd.conf</filename> the <application>Storage</application> daemon will need to be restarted:"
21866
13753
msgstr ""
21867
13754
21868
13755
#: serverguide/C/backups.xml:701(command)
21870
13757
msgstr ""
21871
13758
21872
13759
#: serverguide/C/backups.xml:705(para)
21873
msgid ""
21874
"Now add a <emphasis>Storage</emphasis> resource in "
21875
"<filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
13760
msgid "Now add a <emphasis>Storage</emphasis> resource in <filename>/etc/bacula/bacula-dir.conf</filename> to use the new Device:"
21876
13761
msgstr ""
21877
13762
21878
13763
#: serverguide/C/backups.xml:708(programlisting)
21879
13764
#, no-wrap
21880
msgid ""
21881
"\n"
21882
"# Definition of \"Tape Drive\" storage device\n"
21883
"Storage {\n"
21884
" Name = TapeDrive\n"
21885
" # Do not use \"localhost\" here \n"
21886
" Address = backupserver # N.B. Use a fully qualified name "
21887
"here\n"
21888
" SDPort = 9103\n"
21889
" Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n"
21890
" Device = \"Tape Drive\"\n"
21891
" Media Type = tape\n"
21892
"}\n"
13765
msgid "\n# Definition of \"Tape Drive\" storage device\nStorage {\n Name = TapeDrive\n # Do not use \"localhost\" here \n Address = backupserver # N.B. Use a fully qualified name here\n SDPort = 9103\n Password = \"Cv70F6pf1t6pBopT4vQOnigDrR0v3LT3Cgkiyj\"\n Device = \"Tape Drive\"\n Media Type = tape\n}\n"
21893
13766
msgstr ""
21894
13767
21895
13768
#: serverguide/C/backups.xml:720(para)
21896
msgid ""
21897
"The <emphasis>Address</emphasis> directive needs to be the Fully Qualified "
21898
"Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> "
21899
"to the actual host name."
13769
msgid "The <emphasis>Address</emphasis> directive needs to be the Fully Qualified Domain Name (FQDN) of the server. Change <emphasis>backupserver</emphasis> to the actual host name."
21900
13770
msgstr ""
21901
13771
21902
13772
#: serverguide/C/backups.xml:724(para)
21903
msgid ""
21904
"Also, make sure the <emphasis>Password</emphasis> directive matches the "
21905
"password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
13773
msgid "Also, make sure the <emphasis>Password</emphasis> directive matches the password string in <filename>/etc/bacula/bacula-sd.conf</filename>."
21906
13774
msgstr ""
21907
13775
21908
13776
#: serverguide/C/backups.xml:730(para)
21909
msgid ""
21910
"Create a new <emphasis>FileSet</emphasis>, which will determine what "
21911
"directories to backup, by adding:"
13777
msgid "Create a new <emphasis>FileSet</emphasis>, which will determine what directories to backup, by adding:"
21912
13778
msgstr ""
21913
13779
21914
13780
#: serverguide/C/backups.xml:733(programlisting)
21915
13781
#, no-wrap
21916
msgid ""
21917
"\n"
21918
"# LocalhostBacup FileSet.\n"
21919
"FileSet {\n"
21920
" Name = \"LocalhostFiles\"\n"
21921
" Include {\n"
21922
" Options {\n"
21923
" signature = MD5\n"
21924
" compression=GZIP\n"
21925
" }\n"
21926
" File = /etc\n"
21927
" File = /home\n"
21928
" }\n"
21929
"}\n"
13782
msgid "\n# LocalhostBacup FileSet.\nFileSet {\n Name = \"LocalhostFiles\"\n Include {\n Options {\n signature = MD5\n compression=GZIP\n }\n File = /etc\n File = /home\n }\n}\n"
21930
13783
msgstr ""
21931
13784
21932
13785
#: serverguide/C/backups.xml:747(para)
21933
msgid ""
21934
"This <emphasis>FileSet</emphasis> will backup the <filename "
21935
"role=\"directory\">/etc</filename> and <filename "
21936
"role=\"directory\">/home</filename> directories. The "
21937
"<emphasis>Options</emphasis> resource directives configure the FileSet to "
21938
"create a MD5 signature for each file backed up, and to compress the files "
21939
"using GZIP."
13786
msgid "This <emphasis>FileSet</emphasis> will backup the <filename role=\"directory\">/etc</filename> and <filename role=\"directory\">/home</filename> directories. The <emphasis>Options</emphasis> resource directives configure the FileSet to create a MD5 signature for each file backed up, and to compress the files using GZIP."
21940
13787
msgstr ""
21941
13788
21942
13789
#: serverguide/C/backups.xml:754(para)
21945
13792
21946
13793
#: serverguide/C/backups.xml:757(programlisting)
21947
13794
#, no-wrap
21948
msgid ""
21949
"\n"
21950
"# LocalhostBackup Schedule -- Daily.\n"
21951
"Schedule {\n"
21952
" Name = \"LocalhostDaily\"\n"
21953
" Run = Full daily at 00:01\n"
21954
"}\n"
13795
msgid "\n# LocalhostBackup Schedule -- Daily.\nSchedule {\n Name = \"LocalhostDaily\"\n Run = Full daily at 00:01\n}\n"
21955
13796
msgstr ""
21956
13797
21957
13798
#: serverguide/C/backups.xml:764(para)
21958
msgid ""
21959
"The job will run every day at 00:01 or 12:01 am. There are many other "
21960
"scheduling options available."
13799
msgid "The job will run every day at 00:01 or 12:01 am. There are many other scheduling options available."
21961
13800
msgstr ""
21962
13801
21963
13802
#: serverguide/C/backups.xml:769(para)
21966
13805
21967
13806
#: serverguide/C/backups.xml:772(programlisting)
21968
13807
#, no-wrap
21969
msgid ""
21970
"\n"
21971
"# Localhost backup.\n"
21972
"Job {\n"
21973
" Name = \"LocalhostBackup\"\n"
21974
" JobDefs = \"DefaultJob\"\n"
21975
" Enabled = yes\n"
21976
" Level = Full\n"
21977
" FileSet = \"LocalhostFiles\"\n"
21978
" Schedule = \"LocalhostDaily\"\n"
21979
" Storage = TapeDrive\n"
21980
" Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n"
21981
"} \n"
13808
msgid "\n# Localhost backup.\nJob {\n Name = \"LocalhostBackup\"\n JobDefs = \"DefaultJob\"\n Enabled = yes\n Level = Full\n FileSet = \"LocalhostFiles\"\n Schedule = \"LocalhostDaily\"\n Storage = TapeDrive\n Write Bootstrap = \"/var/lib/bacula/LocalhostBackup.bsr\"\n} \n"
21982
13809
msgstr ""
21983
13810
21984
13811
#: serverguide/C/backups.xml:785(para)
21985
msgid ""
21986
"The job will do a <emphasis>Full</emphasis> backup every day to the tape "
21987
"drive."
13812
msgid "The job will do a <emphasis>Full</emphasis> backup every day to the tape drive."
21988
13813
msgstr ""
21989
13814
21990
13815
#: serverguide/C/backups.xml:790(para)
21991
msgid ""
21992
"Each tape used will need to have a <emphasis>Label</emphasis>. If the "
21993
"current tape does not have a label <application>Bacula</application> will "
21994
"send an email letting you know. To label a tape using the "
21995
"<application>Console</application> enter the following from a terminal:"
13816
msgid "Each tape used will need to have a <emphasis>Label</emphasis>. If the current tape does not have a label <application>Bacula</application> will send an email letting you know. To label a tape using the <application>Console</application> enter the following from a terminal:"
21996
13817
msgstr ""
21997
13818
21998
13819
#: serverguide/C/backups.xml:796(command)
22008
13829
msgstr ""
22009
13830
22010
13831
#: serverguide/C/backups.xml:808(para)
22011
msgid ""
22012
"You will then be prompted for the <emphasis>Storage</emphasis> resource:"
13832
msgid "You will then be prompted for the <emphasis>Storage</emphasis> resource:"
22013
13833
msgstr ""
22014
13834
22015
13835
#: serverguide/C/backups.xml:818(userinput)
22019
13839
22020
13840
#: serverguide/C/backups.xml:812(computeroutput)
22021
13841
#, no-wrap
22022
msgid ""
22023
"\n"
22024
"Automatically selected Catalog: MyCatalog\n"
22025
"Using Catalog \"MyCatalog\"\n"
22026
"The defined Storage resources are:\n"
22027
" 1: File\n"
22028
" 2: TapeDrive\n"
22029
"Select Storage resource (1-2):<placeholder-1/>\n"
13842
msgid "\nAutomatically selected Catalog: MyCatalog\nUsing Catalog \"MyCatalog\"\nThe defined Storage resources are:\n 1: File\n 2: TapeDrive\nSelect Storage resource (1-2):<placeholder-1/>\n"
22030
13843
msgstr ""
22031
13844
22032
13845
#: serverguide/C/backups.xml:823(para)
22040
13853
22041
13854
#: serverguide/C/backups.xml:827(computeroutput)
22042
13855
#, no-wrap
22043
msgid ""
22044
"\n"
22045
"Enter new Volume name: <placeholder-1/>\n"
22046
"Defined Pools:\n"
22047
" 1: Default\n"
22048
" 2: Scratch"
13856
msgid "\nEnter new Volume name: <placeholder-1/>\nDefined Pools:\n 1: Default\n 2: Scratch"
22049
13857
msgstr ""
22050
13858
22051
13859
#: serverguide/C/backups.xml:833(para)
22063
13871
22064
13872
#: serverguide/C/backups.xml:842(computeroutput)
22065
13873
#, no-wrap
22066
msgid ""
22067
"\n"
22068
"Select the Pool (1-2): <placeholder-1/>\n"
22069
"Connecting to Storage daemon TapeDrive at backupserver:9103 ...\n"
22070
"Sending label command for Volume \"Sunday\" Slot 0 ...\n"
13874
msgid "\nSelect the Pool (1-2): <placeholder-1/>\nConnecting to Storage daemon TapeDrive at backupserver:9103 ...\nSending label command for Volume \"Sunday\" Slot 0 ...\n"
22071
13875
msgstr ""
22072
13876
22073
13877
#: serverguide/C/backups.xml:850(para)
22074
msgid ""
22075
"Congratulations, you have now configured <emphasis>Bacula</emphasis> to "
22076
"backup the localhost to an attached tape drive."
13878
msgid "Congratulations, you have now configured <emphasis>Bacula</emphasis> to backup the localhost to an attached tape drive."
22077
13879
msgstr ""
22078
13880
22079
13881
#: serverguide/C/backups.xml:858(para)
22080
msgid ""
22081
"For more <emphasis>Bacula</emphasis> configuration options refer to the "
22082
"<ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's "
22083
"Manual</ulink>"
13882
msgid "For more <emphasis>Bacula</emphasis> configuration options refer to the <ulink url=\"http://www.bacula.org/en/rel-manual/index.html\">Bacula User's Manual</ulink>"
22084
13883
msgstr ""
22085
13884
22086
13885
#: serverguide/C/backups.xml:864(para)
22087
msgid ""
22088
"The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains "
22089
"the latest Bacula news and developments."
13886
msgid "The <ulink url=\"http://www.bacula.org/\">Bacula Home Page</ulink> contains the latest Bacula news and developments."
22090
13887
msgstr ""
22091
13888
22092
13889
#. Put one translator per line, in the form of NAME <EMAIL>, YEAR1, YEAR2
22093
13890
#: serverguide/C/backups.xml:0(None)
22094
13891
msgid "translator-credits"
22095
13892
msgstr ""
13893
Loggerhead is a web-based interface for Breezy
Version: 2.0.1